
/*
  $Id: Authenticator.java 1330 2010-05-23 22:10:53Z dfisher $

  Copyright (C) 2003-2010 Virginia Tech.
  All rights reserved.

  SEE LICENSE FOR MORE INFORMATION

  Author:  Middleware Services
  Email:   [email protected]
  Version: $Revision: 1330 $
  Updated: $Date: 2010-05-23 18:10:53 -0400 (Sun, 23 May 2010) $
*/
package edu.vt.middleware.ldap.auth;

import java.io.InputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import edu.vt.middleware.ldap.SearchFilter;
import edu.vt.middleware.ldap.auth.handler.AuthenticationResultHandler;
import edu.vt.middleware.ldap.auth.handler.AuthorizationHandler;
import edu.vt.middleware.ldap.auth.handler.CompareAuthorizationHandler;

/**
 * Authenticator provides methods for authenticating a user
 * against an LDAP directory.
 *
 * @author  Middleware Services
 * @version  $Revision: 1330 $ $Date: 2010-05-23 18:10:53 -0400 (Sun, 23 May 2010) $
 */
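public class Authenticator extends AbstractAuthenticator
  implements Serializable
{
  // NOTE(review): this class is Serializable and the configuration it reads
  // exposes a bind credential through getCredential(). The config field is
  // declared in the superclass and is not visible here, so confirm whether it
  // is part of the serialized form before instances are persisted or
  // transmitted.

  /** serial version uid. */
  private static final long serialVersionUID = -444519681288987247L;


  /** Default constructor. */
  public Authenticator() {}


  /**
   * Creates a new Authenticator that uses the supplied
   * AuthenticatorConfig.
   *
   * @param  authConfig  AuthenticatorConfig
   */
  public Authenticator(final AuthenticatorConfig authConfig)
  {
    this.setAuthenticatorConfig(authConfig);
  }


  /**
   * Returns the AuthenticatorConfig currently used by this
   * Authenticator.
   *
   * @return  AuthenticatorConfig
   */
  public AuthenticatorConfig getAuthenticatorConfig()
  {
    return this.config;
  }


  /**
   * Sets the config parameters of this Authenticator using the default
   * properties file, which must be located in your classpath. Implemented by
   * passing null to {@link AuthenticatorConfig#createFromProperties}.
   */
  public void loadFromProperties()
  {
    this.setAuthenticatorConfig(AuthenticatorConfig.createFromProperties(null));
  }


  /**
   * Sets the config parameters of this Authenticator using the supplied
   * input stream. The stream is handed to
   * {@link AuthenticatorConfig#createFromProperties} as is; this method does
   * not close it.
   *
   * @param  is  InputStream
   */
  public void loadFromProperties(final InputStream is)
  {
    this.setAuthenticatorConfig(AuthenticatorConfig.createFromProperties(is));
  }


  /**
   * This will attempt to find the LDAP DN for the supplied user. {@link
   * AuthenticatorConfig#dnResolver} is invoked to perform this operation.
   *
   * <p>NOTE(review): the user string is passed to the resolver unchanged.
   * Any escaping needed before it is placed in an LDAP search filter or DN is
   * presumably the resolver's responsibility; confirm against the configured
   * DnResolver.</p>
   *
   * @param  user  String to find dn for
   *
   * @return  String - user's dn
   *
   * @throws  NamingException  an LDAP error occurs
   */
  public String getDn(final String user)
    throws NamingException
  {
    return this.config.getDnResolver().resolve(user);
  }


  /**
   * This will authenticate by binding to the LDAP using parameters given by
   * {@link AuthenticatorConfig#setUser} and {@link
   * AuthenticatorConfig#setCredential}. See {@link #authenticate(String,
   * Object)}.
   *
   * @return  boolean - whether the bind succeeded
   *
   * @throws  NamingException  if the authentication fails for any other reason
   * than invalid credentials
   */
  public boolean authenticate()
    throws NamingException
  {
    return
      this.authenticate(this.config.getUser(), this.config.getCredential());
  }


  /**
   * This will authenticate by binding to the LDAP with the supplied user and
   * credential. If {@link AuthenticatorConfig#setAuthorizationFilter} has been
   * called, then it will be used to authorize the user by performing an ldap
   * compare. See {@link #authenticate(String, Object, SearchFilter)}.
   *
   * @param  user  String username for bind
   * @param  credential  Object credential for bind
   *
   * @return  boolean - whether the bind succeeded
   *
   * @throws  NamingException  if the authentication fails for any other reason
   * than invalid credentials
   */
  public boolean authenticate(final String user, final Object credential)
    throws NamingException
  {
    return
      this.authenticate(
        user,
        credential,
        new SearchFilter(
          this.config.getAuthorizationFilter(),
          this.config.getAuthorizationFilterArgs()));
  }


  /**
   * This will authenticate by binding to the LDAP with the supplied user and
   * credential. If the supplied filter is not null it will be injected into a
   * new instance of CompareAuthorizationHandler and set as the first
   * AuthorizationHandler to execute. If {@link
   * AuthenticatorConfig#setAuthenticationResultHandlers(
   * AuthenticationResultHandler[])} has been called, then it will be used to
   * post process authentication results. See {@link #authenticate(String,
   * Object, AuthenticationResultHandler[], AuthorizationHandler[])}.
   *
   * @param  user  String username for bind
   * @param  credential  Object credential for bind
   * @param  filter  SearchFilter to authorize user
   *
   * @return  boolean - whether the bind succeeded
   *
   * @throws  NamingException  if the authentication fails for any other reason
   * than invalid credentials
   */
  public boolean authenticate(
    final String user,
    final Object credential,
    final SearchFilter filter)
    throws NamingException
  {
    // built before the remaining arguments are read from the config, matching
    // the order in which the config getters were originally invoked
    final AuthorizationHandler[] authzHandler =
      this.createAuthorizationHandlers(filter);
    return
      this.authenticate(
        user,
        credential,
        this.config.getAuthenticationResultHandlers(),
        authzHandler);
  }


  /**
   * This will authenticate by binding to the LDAP with the supplied user and
   * credential. The user's DN will be looked up before performing the bind by
   * calling {@link DnResolver#resolve(String)}. See {@link
   * #authenticateAndAuthorize(String, Object, AuthenticationResultHandler[],
   * AuthorizationHandler[])}.
   *
   * <p>NOTE(review): nothing in this class rejects a null or empty credential,
   * or a null or empty resolved DN, before the bind is attempted. Many LDAP
   * servers accept a simple bind with an empty password as an unauthenticated
   * bind, so confirm that the superclass validates both values.</p>
   *
   * @param  user  String username for bind
   * @param  credential  Object credential for bind
   * @param  authHandler  AuthenticationResultHandler[] to post
   * process authentication results
   * @param  authzHandler  AuthorizationHandler[] to process
   * authorization after authentication
   *
   * @return  boolean - whether the bind succeeded
   *
   * @throws  NamingException  if the authentication fails for any other reason
   * than invalid credentials
   */
  public boolean authenticate(
    final String user,
    final Object credential,
    final AuthenticationResultHandler[] authHandler,
    final AuthorizationHandler[] authzHandler)
    throws NamingException
  {
    // invoked through super, so an override of this overload in a subclass of
    // Authenticator is not used on this path
    return
      super.authenticateAndAuthorize(
        this.getDn(user),
        credential,
        authHandler,
        authzHandler);
  }


  /**
   * This will authenticate by binding to the LDAP using parameters given by
   * {@link AuthenticatorConfig#setUser} and {@link
   * AuthenticatorConfig#setCredential}. See {@link
   * #authenticate(String,Object,String[])}
   *
   * @param  retAttrs  String[] attributes to return
   *
   * @return  Attributes - of authenticated user
   *
   * @throws  NamingException  if any of the ldap operations fail
   */
  public Attributes authenticate(final String[] retAttrs)
    throws NamingException
  {
    return
      this.authenticate(
        this.config.getUser(),
        this.config.getCredential(),
        retAttrs);
  }


  /**
   * This will authenticate by binding to the LDAP with the supplied user and
   * credential. If {@link AuthenticatorConfig#setAuthorizationFilter} has been
   * called, then it will be used to authorize the user by performing an ldap
   * compare. See {@link #authenticate(String, Object, SearchFilter, String[])}
   *
   * @param  user  String username for bind
   * @param  credential  Object credential for bind
   * @param  retAttrs  String[] to return
   *
   * @return  Attributes - of authenticated user
   *
   * @throws  NamingException  if any of the ldap operations fail
   */
  public Attributes authenticate(
    final String user,
    final Object credential,
    final String[] retAttrs)
    throws NamingException
  {
    return
      this.authenticate(
        user,
        credential,
        new SearchFilter(
          this.config.getAuthorizationFilter(),
          this.config.getAuthorizationFilterArgs()),
        retAttrs);
  }


  /**
   * This will authenticate by binding to the LDAP with the supplied user and
   * credential. If the supplied filter is not null it will be injected into a
   * new instance of CompareAuthorizationHandler and set as the first
   * AuthorizationHandler to execute. See {@link #authenticate(String, Object,
   * String[], AuthenticationResultHandler[], AuthorizationHandler[])}.
   *
   * @param  user  String username for bind
   * @param  credential  Object credential for bind
   * @param  filter  SearchFilter to authorize user
   * @param  retAttrs  String[] to return
   *
   * @return  Attributes - of authenticated user
   *
   * @throws  NamingException  if any of the ldap operations fail
   */
  public Attributes authenticate(
    final String user,
    final Object credential,
    final SearchFilter filter,
    final String[] retAttrs)
    throws NamingException
  {
    // built before the remaining arguments are read from the config, matching
    // the order in which the config getters were originally invoked
    final AuthorizationHandler[] authzHandler =
      this.createAuthorizationHandlers(filter);
    return
      this.authenticate(
        user,
        credential,
        retAttrs,
        this.config.getAuthenticationResultHandlers(),
        authzHandler);
  }


  /**
   * This will authenticate by binding to the LDAP with the supplied user and
   * credential. The user's DN will be looked up before performing the bind by
   * calling {@link DnResolver#resolve(String)}. See {@link
   * #authenticateAndAuthorize(String, Object, boolean, String[],
   * AuthenticationResultHandler[], AuthorizationHandler[])}.
   *
   * <p>NOTE(review): as with the boolean overload, no check on an empty
   * credential or an empty resolved DN is made in this class; confirm that
   * the superclass performs it.</p>
   *
   * @param  user  String username for bind
   * @param  credential  Object credential for bind
   * @param  retAttrs  String[] to return
   * @param  authHandler  AuthenticationResultHandler[] to post
   * process authentication results
   * @param  authzHandler  AuthorizationHandler[] to process
   * authorization after authentication
   *
   * @return  Attributes - of authenticated user
   *
   * @throws  NamingException  if any of the ldap operations fail
   */
  public Attributes authenticate(
    final String user,
    final Object credential,
    final String[] retAttrs,
    final AuthenticationResultHandler[] authHandler,
    final AuthorizationHandler[] authzHandler)
    throws NamingException
  {
    return
      this.authenticateAndAuthorize(
        this.getDn(user),
        credential,
        true,
        retAttrs,
        authHandler,
        authzHandler);
  }


  /**
   * Builds the ordered AuthorizationHandler array shared by the
   * filter-based authenticate overloads. A CompareAuthorizationHandler for the
   * supplied filter comes first, followed by any handlers set on the config.
   *
   * <p>The array is empty when the filter (or its filter string) is null and
   * the config has no handlers. In that case no authorization handler is
   * passed on at all, so the result depends only on what the superclass does
   * with the bind.</p>
   *
   * @param  filter  SearchFilter to authorize user, may be null
   *
   * @return  AuthorizationHandler[] - never null, possibly empty
   */
  private AuthorizationHandler[] createAuthorizationHandlers(
    final SearchFilter filter)
  {
    // typed list: with a raw List, toArray(T[]) is erased to Object[] and
    // cannot be passed where AuthorizationHandler[] is required
    final List<AuthorizationHandler> handlers =
      new ArrayList<AuthorizationHandler>();
    if (filter != null && filter.getFilter() != null) {
      handlers.add(new CompareAuthorizationHandler(filter));
    }

    final AuthorizationHandler[] configured =
      this.config.getAuthorizationHandlers();
    if (configured != null) {
      handlers.addAll(Arrays.asList(configured));
    }
    return handlers.toArray(new AuthorizationHandler[0]);
  }
}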



