/*
 * Copyright 2009 Luigi Dell'Aquila (luigi.dellaquila--at--assetdata.it)
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package org.romaframework.module.users;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

import org.romaframework.aspect.authentication.AuthenticationException;
import org.romaframework.aspect.persistence.QueryByFilter;
import org.romaframework.core.Roma;
import org.romaframework.module.users.domain.BaseAccount;
import org.romaframework.module.users.domain.BaseAccountStatus;

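/**
 * LDAP implementation of the authentication aspect. Allows an LDAP (or Active Directory) server to
 * be used for authentication.
 * <p>
 * To replace the default implementation of AuthenticationAspect with this one, edit
 * {@code applicationContext-core.xml} and replace the bean named {@code AuthenticationAspect} with
 * the following:
 *
 * <pre>{@code
 * <bean id="AuthenticationAspect" class="org.romaframework.module.users.LdapAuthentication" singleton="true">
 *   <property name="domain" value="<domain-name>" />
 *   <property name="ldapHost" value="ldaps://<host-name>" />
 *   <property name="searchBase" value="your AD root, e.g. dc=mydomain,dc=org" />
 *   <property name="singleSessionPerUser" value="false" />
 *   <property name="accountBinder">
 *     <bean class="org.romaframework.module.users.SimpleAccountBinder"/>
 *     <!-- override this for a new strategy of binding an LDAP account to a BaseAccount -->
 *   </property>
 * </bean>
 * }</pre>
 *
 * Security notes:
 * <ul>
 * <li>The bind uses LDAP "simple" authentication, which transmits the password in clear text.
 * Point {@code ldapHost} at an {@code ldaps://} URL (or otherwise secure the transport); a plain
 * {@code ldap://} URL exposes every user's password on the wire.</li>
 * <li>An empty password is rejected before binding. A simple bind with a name and an empty
 * password is an RFC 4513 "unauthenticated" bind, which many servers (Active Directory included)
 * accept without verifying anything, so it must never count as a successful login.</li>
 * <li>The user name is passed to the directory search as a filter argument and is never
 * concatenated into the filter string, so LDAP filter metacharacters cannot alter the query.</li>
 * </ul>
 *
 * @author Luigi Dell'Aquila
 */
public class LdapAuthentication extends UsersAuthentication {

  private static final Logger LOG = Logger.getLogger(LdapAuthentication.class.getName());

  /** Search filter template; JNDI substitutes {0} with the escaped user name. */
  private static final String USER_FILTER = "(&(objectClass=user)(sAMAccountName={0}))";

  /** Users that have to be authenticated with basic {@link UsersAuthentication} instead of LDAP. */
  protected List<String> nonLdapUsers = new ArrayList<String>();
  /** Your domain name; the bind principal is {@code <user>@<domain>}. */
  protected String domain;
  /** URL of your AD controller, e.g. {@code ldaps://dc.mydomain.org}. */
  protected String ldapHost;
  /** Your AD root, e.g. {@code dc=mydomain,dc=org}. */
  protected String searchBase;
  /** Strategy mapping the LDAP attributes of an authenticated user to a {@link BaseAccount}. */
  protected AccountBinder accountBinder;
  /** Attribute ids to request from the directory; null or empty means "all attributes". */
  protected List<String> returnedAttributes;

  /**
   * Authenticates a user against LDAP (or against the base implementation for users listed in
   * {@link #nonLdapUsers}), checks the bound account is active and installs it in the session.
   *
   * @param iUserName   the login name (sAMAccountName for LDAP users)
   * @param iUserPasswd the password; an empty password never authenticates
   * @param iParameters extra parameters, forwarded unchanged to the base implementation
   * @return the authenticated {@link BaseAccount}
   * @throws AuthenticationException if the credentials are rejected or the account is not active
   */
  @Override
  public Object authenticate(String iUserName, String iUserPasswd, Map iParameters) throws AuthenticationException {
    // Local (non-LDAP) users are delegated to the base implementation.
    if (nonLdapUsers != null && nonLdapUsers.contains(iUserName)) {
      return super.authenticate(iUserName, iUserPasswd, iParameters);
    }

    Map<String, Object> ldapAttributes = authenticateLdap(iUserName, iUserPasswd);

    AccountBinder binder = accountBinder != null ? accountBinder : new SimpleAccountBinder();
    BaseAccount account = null;
    if (ldapAttributes != null) {
      account = binder.getAccount(iUserName, ldapAttributes);
    }
    if (account == null) {
      // throwException() is inherited; the code below relies on it never returning normally.
      throwException("Authentication failed");
    }

    QueryByFilter byFilter = new QueryByFilter(BaseAccountStatus.class);
    byFilter.addItem("name", QueryByFilter.FIELD_EQUALS, UsersInfoConstants.STATUS_ACTIVE);
    BaseAccountStatus activeStatus = Roma.context().persistence().queryOne(byFilter);
    if (account.getStatus() == null || !account.getStatus().equals(activeStatus)) {
      // NOTE(review): this message differs from the generic "Authentication failed" one, so a
      // caller can tell a disabled account from a bad password; keep that in mind if the
      // messages are ever surfaced to end users.
      throwException("Account " + iUserName + " is not active");
    }

    if (isSingleSessionPerUser()) {
      dropExistingSessions(account);
    }
    Roma.session().getActiveSessionInfo().setAccount(account);
    return account;
  }

  public AccountBinder getAccountBinder() {
    return accountBinder;
  }

  public void setAccountBinder(AccountBinder accountBinder) {
    this.accountBinder = accountBinder;
  }

  /**
   * Binds to the directory as {@code user@domain} with the given password and, if the bind
   * succeeds, returns the attributes of the first entry whose sAMAccountName matches the user.
   *
   * @param user the account name; blank names are rejected
   * @param pass the password; null or empty passwords are rejected without contacting the server
   * @return the entry's attributes keyed by attribute id (only the first value of each attribute
   *         is kept), or null when the credentials are rejected, no entry matches, or the
   *         directory cannot be reached
   */
  protected Map<String, Object> authenticateLdap(String user, String pass) {
    // Guard against the RFC 4513 "unauthenticated" bind: a non-empty name with an empty
    // password is accepted by many servers (Active Directory included) without any check.
    if (user == null || user.trim().length() == 0 || pass == null || pass.length() == 0) {
      return null;
    }

    SearchControls searchCtls = new SearchControls();
    if (returnedAttributes != null && !returnedAttributes.isEmpty()) {
      searchCtls.setReturningAttributes(returnedAttributes.toArray(new String[0]));
    }
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

    Hashtable<String, Object> env = new Hashtable<String, Object>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, ldapHost);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, user + "@" + domain);
    env.put(Context.SECURITY_CREDENTIALS, pass);

    LdapContext ctx = null;
    NamingEnumeration<SearchResult> answer = null;
    try {
      // The bind happens here; rejected credentials raise javax.naming.AuthenticationException.
      ctx = new InitialLdapContext(env, null);
      // The user name is supplied as a filter argument so JNDI escapes filter metacharacters
      // ('*', '(', ')', '\', NUL). Concatenating it into the filter string would allow
      // LDAP filter injection.
      answer = ctx.search(searchBase, USER_FILTER, new Object[] { user }, searchCtls);
      if (answer.hasMore()) {
        return attributesToMap(answer.next().getAttributes());
      }
    } catch (javax.naming.AuthenticationException ex) {
      // Wrong password or unknown user: an expected outcome, not a fault.
      LOG.log(Level.FINE, "LDAP bind rejected for user " + user, ex);
    } catch (NamingException ex) {
      LOG.log(Level.WARNING, "LDAP authentication error for user " + user, ex);
    } finally {
      // Always release the search cursor and the connection; the original leaked both.
      closeQuietly(answer);
      closeQuietly(ctx);
    }
    return null;
  }

  /**
   * Copies the first value of each attribute into a map keyed by attribute id.
   *
   * @param attrs the entry's attributes; null yields null
   * @return the attribute map, or null when {@code attrs} is null
   * @throws NamingException if an attribute cannot be read
   */
  private static Map<String, Object> attributesToMap(Attributes attrs) throws NamingException {
    if (attrs == null) {
      return null;
    }
    Map<String, Object> result = new HashMap<String, Object>();
    NamingEnumeration<? extends Attribute> ne = attrs.getAll();
    try {
      while (ne.hasMore()) {
        Attribute attr = ne.next();
        // Only the first value is kept; multi-valued attributes are collapsed, as before.
        result.put(attr.getID(), attr.get());
      }
    } finally {
      ne.close();
    }
    return result;
  }

  /** Closes a search cursor, ignoring close failures (the result has already been consumed). */
  private static void closeQuietly(NamingEnumeration<?> enumeration) {
    if (enumeration != null) {
      try {
        enumeration.close();
      } catch (NamingException ignored) {
        // Nothing sensible to do when a cursor fails to close.
      }
    }
  }

  /** Closes a directory connection, ignoring close failures (authentication has completed). */
  private static void closeQuietly(Context context) {
    if (context != null) {
      try {
        context.close();
      } catch (NamingException ignored) {
        // Releasing the connection is best-effort.
      }
    }
  }

  public String getDomain() {
    return domain;
  }

  public void setDomain(String domain) {
    this.domain = domain;
  }

  public String getLdapHost() {
    return ldapHost;
  }

  /** Sets the directory URL; prefer {@code ldaps://} since the bind is a clear-text simple bind. */
  public void setLdapHost(String ldapHost) {
    this.ldapHost = ldapHost;
  }

  public String getSearchBase() {
    return searchBase;
  }

  public void setSearchBase(String searchBase) {
    this.searchBase = searchBase;
  }

  public List<String> getReturnedAttributes() {
    return returnedAttributes;
  }

  public void setReturnedAttributes(List<String> returnedAttributes) {
    this.returnedAttributes = returnedAttributes;
  }

  public List<String> getNonLdapUsers() {
    return nonLdapUsers;
  }

  public void setNonLdapUsers(List<String> nonLdapUsers) {
    this.nonLdapUsers = nonLdapUsers;
  }
}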



