All Downloads are FREE. Search and download functionalities are using the official Maven repository.

templates.security.LdapUserAuthenticator Maven / Gradle / Ivy

/*
 * Copyright (c) 2010-2015 Pivotal Software, Inc. All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you
 * may not use this file except in compliance with the License. You
 * may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * permissions and limitations under the License. See accompanying
 * LICENSE file.
 */
package templates.security;

import com.gemstone.gemfire.LogWriter;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.Authenticator;

import java.security.Principal;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * @author Kumar Neeraj
 * @since 5.5
 */
public class LdapUserAuthenticator implements Authenticator {

  private String ldapServer = null;

  private String basedn = null;

  private String ldapUrlScheme = null;

  public static final String LDAP_SERVER_NAME = "security-ldap-server";

  public static final String LDAP_BASEDN_NAME = "security-ldap-basedn";

  public static final String LDAP_SSL_NAME = "security-ldap-usessl";

  public static Authenticator create() {
    return new LdapUserAuthenticator();
  }

  public LdapUserAuthenticator() {
  }

  public void init(Properties securityProps, LogWriter systemLogger,
      LogWriter securityLogger) throws AuthenticationFailedException {
    this.ldapServer = securityProps.getProperty(LDAP_SERVER_NAME);
    if (this.ldapServer == null || this.ldapServer.length() == 0) {
      throw new AuthenticationFailedException(
          "LdapUserAuthenticator: LDAP server property [" + LDAP_SERVER_NAME
              + "] not specified");
    }
    this.basedn = securityProps.getProperty(LDAP_BASEDN_NAME);
    if (this.basedn == null || this.basedn.length() == 0) {
      throw new AuthenticationFailedException(
          "LdapUserAuthenticator: LDAP base DN property [" + LDAP_BASEDN_NAME
              + "] not specified");
    }
    String sslStr = securityProps.getProperty(LDAP_SSL_NAME);
    if (sslStr != null && sslStr.toLowerCase().equals("true")) {
      this.ldapUrlScheme = "ldaps://";
    }
    else {
      this.ldapUrlScheme = "ldap://";
    }
  }

  public Principal authenticate(Properties props, DistributedMember member) {

    String userName = props.getProperty(UserPasswordAuthInit.USER_NAME);
    if (userName == null) {
      throw new AuthenticationFailedException(
          "LdapUserAuthenticator: user name property ["
              + UserPasswordAuthInit.USER_NAME + "] not provided");
    }
    String passwd = props.getProperty(UserPasswordAuthInit.PASSWORD);
    if (passwd == null) {
      passwd = "";
    }

    Properties env = new Properties();
    env
        .put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, this.ldapUrlScheme + this.ldapServer + '/'
        + this.basedn);
    String fullentry = "uid=" + userName + "," + this.basedn;
    env.put(Context.SECURITY_PRINCIPAL, fullentry);
    env.put(Context.SECURITY_CREDENTIALS, passwd);
    try {
      DirContext ctx = new InitialDirContext(env);
      ctx.close();
    }
    catch (Exception e) {
      //TODO:hitesh need to add getCause message
      throw new AuthenticationFailedException(
          "LdapUserAuthenticator: Failure with provided username, password "
              + "combination for user name: " + userName);
    }
    return new UsernamePrincipal(userName);
  }

  public void close() {
  }

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy