• Home
• io.milton
• milton-server-ce
• 4.0.5.2400
• source code
• LdapSecurityManager.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.milton.http.http11.auth.LdapSecurityManager Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package io.milton.http.http11.auth;

import io.milton.http.Auth;
import io.milton.http.Request;
import io.milton.http.Request.Method;
import io.milton.resource.Resource;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * 
 * 
 * NOT TESTED YET!!!!!!
 * 
 * 
 * From here: http://www.forumeasy.com/forums/thread.jsp?tid=115170863235&fid=ldapprof5&highlight=Why+DIGEST-MD5+Authentication+Does+Work
 * 
 * Server: AD 2003
Client: JNDI application
User: cn=testuser,cn=users,dc=mydomain,dc=com
Realm: MYREALM
Passwd: (password stored in hash format)
 * 
 * The following settings works

env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
env.put(Context.SECURITY_PRINCIPAL, "testuser"); 

 * 
 * The following settings dose NOT works

env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
env.put(Context.SECURITY_PRINCIPAL, "MYREAM\\testuser"); 



The following settings dose NOT works

env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
env.put(Context.SECURITY_PRINCIPAL, "[email protected]"); 

 *
 * @author brad
 */
public class LdapSecurityManager implements io.milton.http.SecurityManager {

	private static final Logger log = LoggerFactory.getLogger( LdapSecurityManager.class );
	private String ldapUrl = "LDAP://localhost/CN=App1,DC=FM,DC=COM";
	private String realm = "aRealm";
	private boolean enableDigest = true;
	

	@Override
	public Object authenticate(DigestResponse digestRequest) {
		Hashtable env = new Hashtable();
		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
		env.put(Context.PROVIDER_URL, ldapUrl);

		env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
		env.put(Context.SECURITY_PRINCIPAL, digestRequest.getUser());		
		env.put(Context.SECURITY_CREDENTIALS, digestRequest.getResponseDigest());
		DirContext ctx = null;
		try {
			ctx = new InitialDirContext(env);
			return ctx;
		} catch (NamingException ex) {
			log.warn("login failed", ex);
			return null;
		} finally {
			close(ctx);
		}

	}

	@Override
	public Object authenticate(String user, String password) {
		Hashtable env = new Hashtable();
		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
		env.put(Context.PROVIDER_URL, ldapUrl);

		env.put(Context.SECURITY_PRINCIPAL, user);		
		env.put(Context.SECURITY_CREDENTIALS, password);
		DirContext ctx = null;
		try {
			ctx = new InitialDirContext(env);
			return ctx;
		} catch (NamingException ex) {
			ex.printStackTrace();
			//log.warn("login failed", ex);
			return null;
		} finally {
			close(ctx);
		}
	}

	@Override
	public boolean authorise(Request request, Method method, Auth auth, Resource resource) {
		DirContext ctx = (DirContext) auth.getTag();
		return ctx != null; // TODO: check for roles in directory
	}

	@Override
	public String getRealm(String host) {
		return realm;
	}

	public void setRealm(String realm) {
		this.realm = realm;
	}
		
	@Override
	public boolean isDigestAllowed() {
		return enableDigest;
	}

	public void setEnableDigest(boolean enableDigest) {
		this.enableDigest = enableDigest;
	}

	public boolean isEnableDigest() {
		return enableDigest;
	}

	public String getLdapUrl() {
		return ldapUrl;
	}

	public void setLdapUrl(String ldapUrl) {
		this.ldapUrl = ldapUrl;
	}
		
	private void close(DirContext ctx) {
		if (ctx != null) {
			try {
				ctx.close();
			} catch (NamingException ex) {
			}
		}
	}
	
}