
net.sf.michaelo.tomcat.realm.mapper.SamAccountNameRfc2247Mapper Maven / Gradle / Ivy


A fully featured, first-class SPNEGO/Kerberos Authenticator and Active Directory Realm for the Apache Tomcat servlet container.

There is a newer version: 4.2.4
/*
 * Copyright 2013–2019 Michael Osipov
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package net.sf.michaelo.tomcat.realm.mapper;

import java.util.Locale;

import javax.naming.Name;
import javax.naming.NameParser;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;

import org.apache.commons.lang3.StringUtils;
import org.ietf.jgss.GSSName;

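/**
 * A mapper for the AD attribute {@code sAMAccountName} and the realm. This mapper splits the GSS
 * name in the primary and realm component. The instance component is completely ignored. The
 * primary component is assigned to the {@code sAMAccountName} and the realm is transformed to a
 * search base according to RFC 2247. Moreover, this implementation mimics {@code DsCrackNames}
 * with {@code formatOffered} set to {@code DS_USER_PRINCIPAL_NAME} and {@code formatDesired} set
 * to {@code DS_FQDN_1779_NAME}. Verified against Samba's implementation of {@code DsCrackNames}.
 * <p>
 * <strong>Note:</strong> This mapper requires to operate from the {@code RootDSE} of a domain
 * controller or better yet, a GC. No root DN normalization (stripping DC components) happens here
 * (yet).
 *
 * @version $Id: SamAccountNameRfc2247Mapper.java 317 2019-03-09 21:26:28Z michael-o $
 */
public class SamAccountNameRfc2247Mapper extends SamAccountNameMapper {

	/**
	 * Derives the directory search base and the {@code sAMAccountName} from a GSS name of the
	 * form {@code primary@REALM}.
	 * <p>
	 * The realm is split on {@code '.'}, each label is lower-cased with {@link Locale#ROOT} and
	 * added as a {@code DC=} component, so {@code user@EXAMPLE.COM} yields the components
	 * {@code DC=com} and {@code DC=example} in that insertion order. The final string form is
	 * whatever the {@link Name} obtained from the context's parser renders.
	 * <p>
	 * The mapping fails closed: a name whose string form does not split into exactly one primary
	 * and one realm part is rejected instead of being mapped to a search base built from the
	 * wrong part of the name.
	 *
	 * @param context
	 *            the directory context whose name parser is used to build the search base
	 * @param gssName
	 *            the GSS name to map; only its string form is used
	 * @return the mapped search base and {@code sAMAccountName}
	 * @throws NamingException
	 *             if the name is not of the form {@code primary@realm}, if the realm contains no
	 *             DNS labels, or if the name parser rejects a component
	 */
	public synchronized MappedValues map(DirContext context, GSSName gssName)
			throws NamingException {
		String principal = gssName.toString();
		String[] upnComponents = StringUtils.split(principal, '@');

		// A name without a realm used to raise ArrayIndexOutOfBoundsException, and a name with
		// more than one '@' (e.g. an escaped '@' inside the primary part) silently took the
		// second token as the realm. Both cases are refused with the declared exception type.
		if (upnComponents == null || upnComponents.length != 2) {
			throw new NamingException(
					"GSS name '" + principal + "' is not of the form primary@realm");
		}

		// NOTE(review): the class documentation says the instance component is ignored, but no
		// stripping of a "/instance" part is visible here; confirm where that happens.
		// NOTE(review): the value is handed on unescaped; confirm that the consumer of the
		// mapped values escapes it before it is placed into an LDAP search filter.
		String samAccountName = upnComponents[0];
		String realm = upnComponents[1];

		String[] realmComponents = StringUtils.split(realm, '.');
		// A realm made only of dots would otherwise produce an empty search base.
		if (realmComponents.length == 0) {
			throw new NamingException(
					"Realm of GSS name '" + principal + "' contains no DNS labels");
		}

		NameParser parser = context.getNameParser(StringUtils.EMPTY);
		Name searchBaseName = parser.parse(StringUtils.EMPTY);

		// Labels are appended from the last (top-level) one to the first.
		// NOTE(review): the label is concatenated as-is; whether DN metacharacters in a label
		// are rejected depends on the Name implementation the context returns; TODO confirm.
		for (int i = realmComponents.length - 1; i >= 0; i--) {
			searchBaseName.add("DC=" + realmComponents[i].toLowerCase(Locale.ROOT));
		}

		return new SamAccountNameMappedValues(searchBaseName.toString(), samAccountName);
	}

}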




