jrun.security
Class LDAPLoginModule
jrun.security.LDAPLoginModule
- public class LDAPLoginModule
A LoginModule that authenticates the username and password passed in against an LDAP server
through JNDI.
Configuration parameters for this are
The ldap host access string eg: ldapHost = ldap://localhost:389
The DN(DistinguishedName) prefix eg: UserDnPrefix= uid=
The DN suffix eg: UserDnSuffix= ,ou=People,o=macromedia.com
The UserDN is formed by: UserDnPrefix + username + UserDnSuffix
The Authentication method eg: securityAuthentication=simple
Field Summary |
protected java.lang.String |
loginMode
Method Summary |
boolean |
abort()
This method is called if the LoginContext's
overall authentication failed. |
boolean |
commit()
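protected boolean validateRole() throws LoginException
{
    // Asks the callback handler for the authenticated principal and the role names the caller
    // wants checked, then reports whether any of those roles is among the roles stored for that
    // user (looked up via getUserRoles()). Side effects: sets the username field from the
    // principal and sets succeeded to true on a match.
    // Returns true when at least one requested role is held by the user, false otherwise.
    // Throws LoginException when the callback cannot be serviced or the role lookup itself fails.
    boolean userRoleFound = false;
    RolesCallback rcb = new RolesCallback();
    Callback[] callbacks = {rcb};
    try
    {
        cbHandler.handle(callbacks);
        Principal p = rcb.getPrincipal();
        username = p.getName();
        Collection rolesToCheck = rcb.getRoles();
        ArrayList rolesFromDatabase = getUserRoles();
        // Stop at the first requested role the user actually holds; the previous version kept
        // scanning the database roles even after a match.
        for(Iterator i = rolesToCheck.iterator(); i.hasNext() && !userRoleFound; )
        {
            String thisRoleName = (String) i.next();
            if(rolesFromDatabase.contains(thisRoleName))
            {
                succeeded = true;
                userRoleFound = true;
            }
        }
    }
    catch(java.io.IOException e)
    {
        throw new LoginException(e.toString());
    }
    catch(UnsupportedCallbackException uce)
    {
        throw new LoginException(RB.getString(XMLLoginModule.class,"XMLLoginModule.unsupportedCallback", uce.getCallback() ) );
    }
    catch(LoginException le)
    {
        // A LoginException raised by getUserRoles() (e.g. FailedLoginException, user not found)
        // is meaningful to the caller; the generic handler below used to swallow it and only log.
        throw le;
    }
    catch(Exception e)
    {
        // Unexpected failure (e.g. a null principal): logged, and the role is reported as not found.
        JRun.getLogger().logError(RB.getString(LDAPLoginModule.class,"JDBCLoginModule.errorValidatingRole"), e);
    }
    return userRoleFound;
}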
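protected String getUserPassword() throws LoginException
{
    // Reads the stored password for the current username from the configured DataSource.
    // Either queryString (which must take the user name as its single ? parameter) or the
    // tableName/passwordColumn/userColumn options are used. Those table and column names come
    // from the module configuration and are concatenated into the SQL text, so they must never
    // be derived from user input; the user name itself is always bound as a parameter.
    // Returns the value of the first column of the first row as stored (whether it is hashed
    // is not visible here). Throws FailedLoginException when no row exists for the user and
    // LoginException on JNDI or JDBC failures.
    // NOTE(review): this looks up a DataSource rather than LDAP and the message keys reference
    // JDBCLoginModule; presumably copied from that module - confirm this is intended.
    Connection conn = null;
    PreparedStatement ps = null;
    ResultSet rs = null;
    String passwordFromResult = null;
    try
    {
        InitialContext ctx = new InitialContext();
        DataSource ds = (DataSource) ctx.lookup(dsJndiName);
        // Both branches must keep the connection; the credentialed one used to discard it,
        // leaving conn null for the prepareStatement call below.
        if(dbUserId != null)
            conn = ds.getConnection(dbUserId, dbPassword);
        else
            conn = ds.getConnection();
        // Build the SQL in a local rather than overwriting the queryString option: storing the
        // generated text in the field made every later call take the parameterized branch with
        // SQL that has no parameter.
        String sql = queryString;
        if(sql == null)
            sql = "select " + passwordColumn + " from " + tableName + " where " + userColumn + "=?";
        ps = conn.prepareStatement(sql);
        ps.setString(1, username);
        rs = ps.executeQuery();
        if(!rs.next())
            throw new FailedLoginException(RB.getString(LDAPLoginModule.class,"JDBCLoginModule.userNameNotFound") );
        passwordFromResult = rs.getString(1);
    }
    catch(NamingException ex)
    {
        throw new LoginException(ex.toString(true));
    }
    catch(SQLException ex)
    {
        throw new LoginException(ex.toString());
    }
    finally
    {
        // Close the result set on every path (the original skipped it when a row was missing).
        if(rs != null)
        {
            try
            {
                rs.close();
            }
            catch(SQLException ignored)
            {
                // closing the statement below releases the cursor anyway
            }
        }
        connCleanup(ps, conn);
    }
    return passwordFromResult;
}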
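protected ArrayList getUserRoles() throws LoginException
{
    // Loads the role names stored for the current username from the configured DataSource.
    // Either queryString (which must take the user name as its single ? parameter) or the
    // tableName/roleColumn/userColumn options are used. Those table and column names come from
    // the module configuration and are concatenated into the SQL text, so they must never be
    // derived from user input; the user name itself is always bound as a parameter.
    // Returns the role names (one per row, first column). Throws FailedLoginException when no
    // row exists for the user and LoginException on JNDI or JDBC failures.
    Connection conn = null;
    PreparedStatement ps = null;
    ResultSet results = null;
    ArrayList rolesFromDB = new ArrayList();
    try
    {
        InitialContext ctx = new InitialContext();
        DataSource ds = (DataSource) ctx.lookup(dsJndiName);
        // Both branches must keep the connection; the credentialed one used to discard it,
        // leaving conn null for the prepareStatement call below.
        if(dbUserId != null)
            conn = ds.getConnection(dbUserId, dbPassword);
        else
            conn = ds.getConnection();
        // Build the SQL in a local rather than overwriting the queryString option: storing the
        // generated text in the field made every later call take the parameterized branch with
        // SQL that has no parameter.
        String sql = queryString;
        if(sql == null)
            sql = "select " + roleColumn + " from " + tableName + " where " + userColumn + "=?";
        ps = conn.prepareStatement(sql);
        ps.setString(1, username);
        results = ps.executeQuery();
        // getFetchSize() is only a driver hint (0 is a legal default) and says nothing about the
        // number of rows, so presence of the user is decided by the cursor itself.
        while(results.next())
        {
            rolesFromDB.add(results.getString(1));
        }
        if(rolesFromDB.isEmpty())
            throw new FailedLoginException(RB.getString(LDAPLoginModule.class,"JDBCLoginModule.userNameNotFound") );
    }
    catch(NamingException ex)
    {
        throw new LoginException(ex.toString(true));
    }
    catch(SQLException ex)
    {
        throw new LoginException(ex.toString());
    }
    finally
    {
        // Close the result set on every path (the original skipped it when a row was missing).
        if(results != null)
        {
            try
            {
                results.close();
            }
            catch(SQLException ignored)
            {
                // closing the statement below releases the cursor anyway
            }
        }
        connCleanup(ps, conn);
    }
    return rolesFromDB;
}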
protected void connCleanup(PreparedStatement ps, Connection conn)
{
    // Best-effort release of a statement and then its connection; either argument may be null.
    // Failures on close are deliberately ignored: there is nothing further this login module
    // can do with a resource that will not close.
    try
    {
        if(ps != null)
            ps.close();
    }
    catch(SQLException ignored)
    {
        // nothing useful to do
    }
    try
    {
        if(conn != null)
            conn.close();
    }
    catch(SQLException ignored)
    {
        // nothing useful to do
    }
}
void |
initialize(javax.security.auth.Subject subj,
javax.security.auth.callback.CallbackHandler cbh,
java.util.Map sharedState,
java.util.Map options)
boolean |
login()
protected boolean |
loginUser()
boolean |
logout()
Logout the user. |
loginMode
protected java.lang.String loginMode
LDAPLoginModule
public LDAPLoginModule()
initialize
public void initialize(javax.security.auth.Subject subj,
javax.security.auth.callback.CallbackHandler cbh,
java.util.Map sharedState,
java.util.Map options)
login
public boolean login()
throws javax.security.auth.login.LoginException
loginUser
protected boolean loginUser()
throws javax.security.auth.login.LoginException
commit
public boolean commit()
throws javax.security.auth.login.LoginException
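protected boolean validateRole() throws LoginException
{
    // Asks the callback handler for the authenticated principal and the role names the caller
    // wants checked, then reports whether any of those roles is among the roles stored for that
    // user (looked up via getUserRoles()). Side effects: sets the username field from the
    // principal and sets succeeded to true on a match.
    // Returns true when at least one requested role is held by the user, false otherwise.
    // Throws LoginException when the callback cannot be serviced or the role lookup itself fails.
    boolean userRoleFound = false;
    RolesCallback rcb = new RolesCallback();
    Callback[] callbacks = {rcb};
    try
    {
        cbHandler.handle(callbacks);
        Principal p = rcb.getPrincipal();
        username = p.getName();
        Collection rolesToCheck = rcb.getRoles();
        ArrayList rolesFromDatabase = getUserRoles();
        // Stop at the first requested role the user actually holds; the previous version kept
        // scanning the database roles even after a match.
        for(Iterator i = rolesToCheck.iterator(); i.hasNext() && !userRoleFound; )
        {
            String thisRoleName = (String) i.next();
            if(rolesFromDatabase.contains(thisRoleName))
            {
                succeeded = true;
                userRoleFound = true;
            }
        }
    }
    catch(java.io.IOException e)
    {
        throw new LoginException(e.toString());
    }
    catch(UnsupportedCallbackException uce)
    {
        throw new LoginException(RB.getString(XMLLoginModule.class,"XMLLoginModule.unsupportedCallback", uce.getCallback() ) );
    }
    catch(LoginException le)
    {
        // A LoginException raised by getUserRoles() (e.g. FailedLoginException, user not found)
        // is meaningful to the caller; the generic handler below used to swallow it and only log.
        throw le;
    }
    catch(Exception e)
    {
        // Unexpected failure (e.g. a null principal): logged, and the role is reported as not found.
        JRun.getLogger().logError(RB.getString(LDAPLoginModule.class,"JDBCLoginModule.errorValidatingRole"), e);
    }
    return userRoleFound;
}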
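protected String getUserPassword() throws LoginException
{
    // Reads the stored password for the current username from the configured DataSource.
    // Either queryString (which must take the user name as its single ? parameter) or the
    // tableName/passwordColumn/userColumn options are used. Those table and column names come
    // from the module configuration and are concatenated into the SQL text, so they must never
    // be derived from user input; the user name itself is always bound as a parameter.
    // Returns the value of the first column of the first row as stored (whether it is hashed
    // is not visible here). Throws FailedLoginException when no row exists for the user and
    // LoginException on JNDI or JDBC failures.
    // NOTE(review): this looks up a DataSource rather than LDAP and the message keys reference
    // JDBCLoginModule; presumably copied from that module - confirm this is intended.
    Connection conn = null;
    PreparedStatement ps = null;
    ResultSet rs = null;
    String passwordFromResult = null;
    try
    {
        InitialContext ctx = new InitialContext();
        DataSource ds = (DataSource) ctx.lookup(dsJndiName);
        // Both branches must keep the connection; the credentialed one used to discard it,
        // leaving conn null for the prepareStatement call below.
        if(dbUserId != null)
            conn = ds.getConnection(dbUserId, dbPassword);
        else
            conn = ds.getConnection();
        // Build the SQL in a local rather than overwriting the queryString option: storing the
        // generated text in the field made every later call take the parameterized branch with
        // SQL that has no parameter.
        String sql = queryString;
        if(sql == null)
            sql = "select " + passwordColumn + " from " + tableName + " where " + userColumn + "=?";
        ps = conn.prepareStatement(sql);
        ps.setString(1, username);
        rs = ps.executeQuery();
        if(!rs.next())
            throw new FailedLoginException(RB.getString(LDAPLoginModule.class,"JDBCLoginModule.userNameNotFound") );
        passwordFromResult = rs.getString(1);
    }
    catch(NamingException ex)
    {
        throw new LoginException(ex.toString(true));
    }
    catch(SQLException ex)
    {
        throw new LoginException(ex.toString());
    }
    finally
    {
        // Close the result set on every path (the original skipped it when a row was missing).
        if(rs != null)
        {
            try
            {
                rs.close();
            }
            catch(SQLException ignored)
            {
                // closing the statement below releases the cursor anyway
            }
        }
        connCleanup(ps, conn);
    }
    return passwordFromResult;
}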
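protected ArrayList getUserRoles() throws LoginException
{
    // Loads the role names stored for the current username from the configured DataSource.
    // Either queryString (which must take the user name as its single ? parameter) or the
    // tableName/roleColumn/userColumn options are used. Those table and column names come from
    // the module configuration and are concatenated into the SQL text, so they must never be
    // derived from user input; the user name itself is always bound as a parameter.
    // Returns the role names (one per row, first column). Throws FailedLoginException when no
    // row exists for the user and LoginException on JNDI or JDBC failures.
    Connection conn = null;
    PreparedStatement ps = null;
    ResultSet results = null;
    ArrayList rolesFromDB = new ArrayList();
    try
    {
        InitialContext ctx = new InitialContext();
        DataSource ds = (DataSource) ctx.lookup(dsJndiName);
        // Both branches must keep the connection; the credentialed one used to discard it,
        // leaving conn null for the prepareStatement call below.
        if(dbUserId != null)
            conn = ds.getConnection(dbUserId, dbPassword);
        else
            conn = ds.getConnection();
        // Build the SQL in a local rather than overwriting the queryString option: storing the
        // generated text in the field made every later call take the parameterized branch with
        // SQL that has no parameter.
        String sql = queryString;
        if(sql == null)
            sql = "select " + roleColumn + " from " + tableName + " where " + userColumn + "=?";
        ps = conn.prepareStatement(sql);
        ps.setString(1, username);
        results = ps.executeQuery();
        // getFetchSize() is only a driver hint (0 is a legal default) and says nothing about the
        // number of rows, so presence of the user is decided by the cursor itself.
        while(results.next())
        {
            rolesFromDB.add(results.getString(1));
        }
        if(rolesFromDB.isEmpty())
            throw new FailedLoginException(RB.getString(LDAPLoginModule.class,"JDBCLoginModule.userNameNotFound") );
    }
    catch(NamingException ex)
    {
        throw new LoginException(ex.toString(true));
    }
    catch(SQLException ex)
    {
        throw new LoginException(ex.toString());
    }
    finally
    {
        // Close the result set on every path (the original skipped it when a row was missing).
        if(results != null)
        {
            try
            {
                results.close();
            }
            catch(SQLException ignored)
            {
                // closing the statement below releases the cursor anyway
            }
        }
        connCleanup(ps, conn);
    }
    return rolesFromDB;
}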
protected void connCleanup(PreparedStatement ps, Connection conn)
{
    // Best-effort release of a statement and then its connection; either argument may be null.
    // Failures on close are deliberately ignored: there is nothing further this login module
    // can do with a resource that will not close.
    try
    {
        if(ps != null)
            ps.close();
    }
    catch(SQLException ignored)
    {
        // nothing useful to do
    }
    try
    {
        if(conn != null)
            conn.close();
    }
    catch(SQLException ignored)
    {
        // nothing useful to do
    }
}
abort
public boolean abort()
throws javax.security.auth.login.LoginException
This method is called if the LoginContext's
overall authentication failed.
(the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
did not succeed).
If this LoginModule's own authentication attempt
succeeded (checked by retrieving the private state saved by the
login and commit methods),
then this method cleans up any state that was originally saved.
- Returns:
- false if this LoginModule's own login and/or commit attempts
failed, and true otherwise.
- Throws:
LoginException - if the abort fails.
logout
public boolean logout()
throws javax.security.auth.login.LoginException
- Logout the user.
This method removes the SamplePrincipal
that was added by the commit method.
- Returns:
- true in all cases, since this LoginModule should not be ignored.
- Throws:
LoginException - if the logout fails.
Copyright © 2002 Macromedia Corporation. All Rights Reserved.