
1   /*
2    * $Id: LDAPSecurityModule.java 20 2004-07-28 12:07:45Z josem $
3    *
4    * JBoss Security Modules
5    * Copyright (C) 2002 Talika Open Source Group
6    *
7    * This library is free software; you can redistribute it and/or
8    * modify it under the terms of the GNU Lesser General Public
9    * License as published by the Free Software Foundation; either
10   * version 2.1 of the License, or (at your option) any later version.
11   *
12   * This library is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this library; if not, write to the Free Software
19   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
20   *
21   */
22  
23  package org.talika.jsm;
24  
import java.security.*;
import java.util.Hashtable;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.naming.*;
import javax.naming.directory.*;

import org.jboss.security.EJBSecurityManager;
import org.jboss.security.RealmMapping;
33  
34  /***
35   *
36   * @author  Jose M. Palomar <josem@talika.org>
37   * @version $Revision: 20 $
38   */
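public class LDAPSecurityModule implements RealmMapping, EJBSecurityManager
{

    /*** Failures are logged here instead of printStackTrace so they reach the container log. */
    private static final Logger LOG = Logger.getLogger(LDAPSecurityModule.class.getName());

    /***
     * Creates new LDAPSecurityModule.
     *
     * @param ctx        directory context already bound with an identity that may
     *                   search <code>searchBase</code>; it is reused for every lookup
     *                   made through this instance. InitialDirContext is not
     *                   guaranteed to be thread-safe, so concurrent callers should be
     *                   serialised or given their own instance.
     * @param searchBase DN of the subtree that holds the user entries.
     */
    public LDAPSecurityModule(DirContext ctx, String searchBase) {
        _ctx = ctx;
        _searchBase = searchBase;
    }

    /*** No principal mapping is performed: the caller's principal is returned unchanged. */
    public Principal getPrincipal(Principal principal) {
        return principal;
    }

    /***
     * Checks whether the user's entry carries at least one of the given roles.
     *
     * The roles are read from the multi-valued {@link #ROLE_ATTR} attribute of the
     * single entry found by {@link #searchPrincipal}. Only String attribute values
     * are compared, and they are compared with <code>roles.contains</code> as-is -
     * callers are assumed to pass role names as Strings (confirm against the
     * JBoss RealmMapping contract, which is not visible here).
     *
     * @param principal user to check; null yields false
     * @param roles     candidate roles; null or empty yields false without a lookup
     * @return true if the entry exists and one of its role values is in
     *         <code>roles</code>; false otherwise, including on directory errors
     *         (which are logged and treated as "no role")
     */
    public boolean doesUserHaveRole(Principal principal, Set roles) {

        if (principal == null || roles == null || roles.isEmpty()) {
            return false;
        }

        try {
            SearchResult sr = searchPrincipal(principal);
            if (sr == null) {
                return false;
            }

            Attributes attrs = sr.getAttributes();
            if (attrs == null) {
                return false;
            }

            Attribute roleAttr = attrs.get(ROLE_ATTR);
            if (roleAttr == null) {
                return false;
            }

            NamingEnumeration roleValues = roleAttr.getAll();
            try {
                while (roleValues.hasMore()) {
                    Object value = roleValues.next();
                    // Non-String values (e.g. binary attributes) never match,
                    // instead of throwing ClassCastException as the old cast did.
                    if (value instanceof String && roles.contains(value)) {
                        return true;
                    }
                }
            }
            finally {
                roleValues.close();
            }
        }
        catch (NamingException ne) {
            LOG.log(Level.WARNING, "Role lookup failed for principal " + principal.getName(), ne);
        }

        return false;
    }

    /***
     * Verifies a password by binding to the directory as the user's entry.
     *
     * The user's DN is located with the administrative context and a fresh
     * connection is opened with that DN and the supplied credential. Whether the
     * bind succeeds decides the result; the connection is closed again either way.
     *
     * Security notes:
     * - An empty credential is rejected up front. Per RFC 4513 a simple bind with a
     *   DN and an empty password is an "unauthenticated" bind that most servers
     *   accept, so forwarding it would authenticate anyone who knows a user name.
     * - The authentication mechanism is forced to "simple" so the administrative
     *   context's mechanism (e.g. "none", or a SASL mechanism) is never inherited.
     * - The credential itself is never logged.
     *
     * @param principal  user whose password is being checked; null yields false
     * @param credential password as String, char[] or byte[]; null/empty yields false
     * @return true only if a simple bind as the user's DN with this credential succeeds
     */
    public boolean isValid(Principal principal, Object credential) {

        if (principal == null || isEmptyCredential(credential)) {
            return false;
        }

        try {
            SearchResult sr = searchPrincipal(principal);
            if (sr == null) {
                return false;
            }

            // Build the DN of the entry. getName() is relative to the search base
            // unless the provider followed a referral. NOTE(review): getName() is a
            // JNDI composite-name string; RDNs containing '/' or quotes may come
            // back escaped differently from the raw LDAP DN - confirm against the
            // provider in use.
            String principalDN = sr.getName();
            if (sr.isRelative()) {
                principalDN += "," + _searchBase;
            }

            // Copy the environment: Context.getEnvironment() documents that the
            // returned table must not be modified by the caller.
            Hashtable env = new Hashtable(_ctx.getEnvironment());
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, principalDN);
            env.put(Context.SECURITY_CREDENTIALS, credential);

            return bindAs(env, principalDN);
        }
        catch (NamingException ne) {
            LOG.log(Level.WARNING, "Lookup failed while validating principal " + principal.getName(), ne);
            return false;
        }
    }

    /***
     * Returns true for credentials that must never be sent to the server:
     * null, or an empty String / char[] / byte[] (the three forms the JNDI LDAP
     * provider accepts). Other object types are passed through unchanged.
     */
    private static boolean isEmptyCredential(Object credential) {
        if (credential == null) {
            return true;
        }
        if (credential instanceof String) {
            return ((String) credential).length() == 0;
        }
        if (credential instanceof char[]) {
            return ((char[]) credential).length == 0;
        }
        if (credential instanceof byte[]) {
            return ((byte[]) credential).length == 0;
        }
        return false;
    }

    /***
     * Opens and immediately closes a context with the given environment.
     *
     * @param env         full JNDI environment including principal and credential
     * @param principalDN DN being bound, for log messages only
     * @return true if the bind succeeded; false on AuthenticationException (the
     *         expected "wrong password" case, logged at FINE) or any other
     *         NamingException (logged at WARNING, e.g. server unreachable)
     */
    private static boolean bindAs(Hashtable env, String principalDN) {
        DirContext userCtx = null;
        try {
            userCtx = new InitialDirContext(env);
            return true;
        }
        catch (AuthenticationException ae) {
            LOG.fine("Bind rejected for " + principalDN);
            return false;
        }
        catch (NamingException ne) {
            LOG.log(Level.WARNING, "Bind as " + principalDN + " failed", ne);
            return false;
        }
        finally {
            // Always release the connection; the old code leaked one per login.
            if (userCtx != null) {
                try {
                    userCtx.close();
                }
                catch (NamingException ignored) {
                    // nothing useful to do on close failure
                }
            }
        }
    }

    /***
     * Finds the single user entry whose {@link #USER_ATTR} equals the principal's name.
     *
     * The name is passed as a filter argument ({0}) rather than concatenated into
     * the filter string, so the provider escapes RFC 4515 metacharacters and a
     * crafted name such as <code>*)(uid=*</code> cannot change the query.
     *
     * @param principal user to look up
     * @return the matching entry, or null if the name is null/empty, nothing
     *         matches, or more than one entry matches - an ambiguous identity is
     *         refused rather than resolved to an arbitrary entry
     * @throws NamingException on directory errors
     */
    private SearchResult searchPrincipal(Principal principal) throws NamingException {

        String uid = principal.getName();
        if (uid == null || uid.length() == 0) {
            return null;
        }

        SearchControls searchCtrl = new SearchControls();
        searchCtrl.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchCtrl.setReturningAttributes(ATTRIBUTES);

        NamingEnumeration results = _ctx.search(_searchBase, SEARCH_FILTER, new Object[] { uid }, searchCtrl);
        if (results == null) {
            return null;
        }
        try {
            if (!results.hasMore()) {
                return null;
            }
            SearchResult first = (SearchResult) results.next();
            if (results.hasMore()) {
                LOG.warning("More than one entry matches " + USER_ATTR + "=" + uid + " under " + _searchBase);
                return null;
            }
            return first;
        }
        finally {
            results.close();
        }
    }

    private DirContext _ctx = null;
    private String _searchBase = null;

    public final static String USER_ATTR = "uid";
    public final static String ROLE_ATTR = "role";
    /*** Attributes requested from the server. Kept as a public array for compatibility; do not modify it. */
    public final static String[] ATTRIBUTES = {USER_ATTR, ROLE_ATTR};

    public final static String OBJECTCLASS = "j2eeAccount";

    /*** Search filter; {0} is substituted (and escaped) by the provider with the user name. */
    private final static String SEARCH_FILTER =
        "(&(objectclass=" + OBJECTCLASS + ")(" + USER_ATTR + "={0}))";

}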