Posted to commits@esme.apache.org by le...@apache.org on 2011/04/01 02:54:26 UTC
svn commit: r1087530 - in /esme/trunk/server: pom.xml
project/build/EsmeProject.scala src/main/resources/ESMELdap.properties
src/main/scala/bootstrap/liftweb/Boot.scala
src/main/scala/org/apache/esme/model/UserAuth.scala
Author: lester
Date: Fri Apr 1 00:54:25 2011
New Revision: 1087530
URL: http://svn.apache.org/viewvc?rev=1087530&view=rev
Log:
ESME-214: Added LDAP integration.
Added:
esme/trunk/server/src/main/resources/ESMELdap.properties
Modified:
esme/trunk/server/pom.xml
esme/trunk/server/project/build/EsmeProject.scala
esme/trunk/server/src/main/scala/bootstrap/liftweb/Boot.scala
esme/trunk/server/src/main/scala/org/apache/esme/model/UserAuth.scala
Modified: esme/trunk/server/pom.xml
URL: http://svn.apache.org/viewvc/esme/trunk/server/pom.xml?rev=1087530&r1=1087529&r2=1087530&view=diff
==============================================================================
--- esme/trunk/server/pom.xml (original)
+++ esme/trunk/server/pom.xml Fri Apr 1 00:54:25 2011
@@ -200,6 +200,11 @@
<version>${lift.version}</version>
</dependency>
<dependency>
+ <groupId>net.liftweb</groupId>
+ <artifactId>lift-ldap_${scala.version}</artifactId>
+ <version>${lift.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.compass-project</groupId>
<artifactId>compass</artifactId>
<version>${compass.version}</version>
@@ -234,7 +239,8 @@
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
- <version>2.4</version>
+ <version>2.5</version>
+ <scope>provided</scope>
</dependency>
<!-- for LiftConsole -->
<dependency>
Modified: esme/trunk/server/project/build/EsmeProject.scala
URL: http://svn.apache.org/viewvc/esme/trunk/server/project/build/EsmeProject.scala?rev=1087530&r1=1087529&r2=1087530&view=diff
==============================================================================
--- esme/trunk/server/project/build/EsmeProject.scala (original)
+++ esme/trunk/server/project/build/EsmeProject.scala Fri Apr 1 00:54:25 2011
@@ -37,7 +37,8 @@ class EsmeProject(info: ProjectInfo) ext
"net.liftweb" %% "lift-actor" % liftVersion % "compile->default",
"net.liftweb" %% "lift-json" % liftVersion % "compile->default",
"net.liftweb" %% "lift-common" % liftVersion % "compile->default",
- "javax.servlet" % "servlet-api" % "2.4" % "compile->default",
+ "net.liftweb" %% "lift-ldap" % liftVersion % "compile->default",
+ "javax.servlet" % "servlet-api" % "2.5" % "provided->default",
"org.compass-project" % "compass" % compassVersion % "compile->default",
"org.apache.lucene" % "lucene-core" % luceneVersion % "compile->default",
"org.apache.lucene" % "lucene-snowball" % luceneVersion % "compile->default",
Added: esme/trunk/server/src/main/resources/ESMELdap.properties
URL: http://svn.apache.org/viewvc/esme/trunk/server/src/main/resources/ESMELdap.properties?rev=1087530&view=auto
==============================================================================
--- esme/trunk/server/src/main/resources/ESMELdap.properties (added)
+++ esme/trunk/server/src/main/resources/ESMELdap.properties Fri Apr 1 00:54:25 2011
@@ -0,0 +1,24 @@
+# Should LDAP be used
+ldap.enabled=false
+
+# Hostname or IP of LDAP server
+ldap.server.host=localhost
+# Port of LDAP server
+ldap.server.port=389
+# Base DN from the LDAP Server
+ldap.server.base=ou=esme,dc=somedomain,dc=org
+# User that has access to LDAP server to perform search operations
+ldap.server.userName=cn=Directory Manager
+# Password for user above
+ldap.server.password=********
+# Authentication type
+ldap.server.authType=simple
+# Referral
+ldap.server.referral=follow
+# Initial context factory class
+ldap.server.initial_context_factory=com.sun.jndi.ldap.LdapCtxFactory
+
+# Prefix for user to whom additional LDAP attributes belong, for example 'uid' or 'cn'
+ldap.cnPrefix=uid
+# User base DN for user to whom additional LDAP attributes belong
+ldap.userBase=ou=esme,dc=somedomain,dc=org
\ No newline at end of file
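Review bot: `ldap.server.password` is stored in a classpath resource under `src/main/resources`, so whatever value a deployer fills in travels with the built artifact, and the default bind identity is `cn=Directory Manager`, which is more privilege than a search-only lookup needs. The Boot.scala hunk also registers this file in `LiftRules.resourceNames`, so the password can be resolved through `S.?` like any localization string. With `ldap.server.port=389`, `ldap.server.authType=simple` and the `ldap://` URL built in UserAuth.scala, the bind presumably goes over the wire unencrypted. I would add a comment above the password such as `# Do not commit a real password; use a read-only search account and supply the credential from deployment-specific configuration`, and document an LDAPS or StartTLS option next to the port.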
Modified: esme/trunk/server/src/main/scala/bootstrap/liftweb/Boot.scala
URL: http://svn.apache.org/viewvc/esme/trunk/server/src/main/scala/bootstrap/liftweb/Boot.scala?rev=1087530&r1=1087529&r2=1087530&view=diff
==============================================================================
--- esme/trunk/server/src/main/scala/bootstrap/liftweb/Boot.scala (original)
+++ esme/trunk/server/src/main/scala/bootstrap/liftweb/Boot.scala Fri Apr 1 00:54:25 2011
@@ -132,7 +132,7 @@ class Boot extends Loggable {
LiftRules.dispatch.append(ESMEOpenIDVendor.dispatchPF)
//Resources for Internationalization
- LiftRules.resourceNames = "ESMECustom" :: "ESMEBase" :: "ESMEUI" :: Nil
+ LiftRules.resourceNames = "ESMELdap" :: "ESMECustom" :: "ESMEBase" :: "ESMEUI" :: Nil
//Jquery functions
Modified: esme/trunk/server/src/main/scala/org/apache/esme/model/UserAuth.scala
URL: http://svn.apache.org/viewvc/esme/trunk/server/src/main/scala/org/apache/esme/model/UserAuth.scala?rev=1087530&r1=1087529&r2=1087530&view=diff
==============================================================================
--- esme/trunk/server/src/main/scala/org/apache/esme/model/UserAuth.scala (original)
+++ esme/trunk/server/src/main/scala/org/apache/esme/model/UserAuth.scala Fri Apr 1 00:54:25 2011
@@ -39,6 +39,8 @@ import JE._
import net.liftweb.openid._
+import net.liftweb.ldap._
+
import provider.HTTPRequest
import provider.servlet.HTTPRequestServlet
@@ -53,6 +55,9 @@ import org.openid4java.util._
import javax.servlet.http.HttpServletRequest
+import _root_.javax.naming.NamingEnumeration
+import _root_.javax.naming.directory.{Attributes, Attribute => Attr}
+
/**
* A table that keeps track of authtentications (username/pwd, openid, etc.) for
@@ -272,13 +277,72 @@ object OpenIDAuthModule extends AuthModu
object ContainerManagedAuthModule extends AuthModule {
+ object myLdapVendor extends LDAPVendor
+
+ def myLdap : LDAPVendor = {
+ val ldapSrvHost = S.?("ldap.server.host")
+ info("LDAP server host: %s".format(ldapSrvHost))
+ val ldapSrvPort = S.?("ldap.server.port")
+ info("LDAP server port: %s".format(ldapSrvPort))
+ val ldapSrvBase = S.?("ldap.server.base")
+ info("LDAP server base: %s".format(ldapSrvBase))
+ val ldapSrvUsrName = S.?("ldap.server.userName")
+ info("LDAP server username: %s".format(ldapSrvUsrName))
+ val ldapSrvPwd = S.?("ldap.server.password")
+ info("LDAP server password: %s".format(ldapSrvPwd))
+ val ldapSrvAuthType = S.?("ldap.server.authType")
+ info("LDAP server authentication type: %s".format(ldapSrvAuthType))
+ val ldapSrvReferral= S.?("ldap.server.referral")
+ info("LDAP server referral: %s".format(ldapSrvReferral))
+ val ldapSrvCtxFactory = S.?("ldap.server.initial_context_factory")
+ info("LDAP server initial context factory class: %s".format(ldapSrvCtxFactory))
+
+
+ myLdapVendor.configure(Map("ldap.url" -> "ldap://%s:%s".format(ldapSrvHost, ldapSrvPort),
+ "ldap.base" -> ldapSrvBase,
+ "ldap.userName" -> ldapSrvUsrName,
+ "ldap.password" -> ldapSrvPwd,
+ "ldap.authType" -> ldapSrvAuthType,
+ "referral" -> ldapSrvReferral,
+ "ldap.initial_context_factory" -> ldapSrvCtxFactory))
+ myLdapVendor
+ }
+
+ def getAttrs(who : String) : Map[String, List[String]] = {
+ val cnPrefix = S.?("ldap.cnPrefix")
+ info("LDAP CN prefix: %s".format(cnPrefix))
+ val userBase = S.?("ldap.userBase")
+ info("LDAP user base: %s".format(userBase))
+
+ var attrsMap = Map.empty[String, List[String]]
+ val dn = "%s=%s,%s".format(cnPrefix, who, userBase)
+ info("Distinguished name: %s".format(dn))
+ val attrs : Attributes = myLdap.attributesFromDn(dn)
+ if (attrs != null) {
+ val allAttrs = attrs.getAll();
+ if (allAttrs != null) {
+ while(allAttrs.hasMore()) {
+ val attribute = allAttrs.next().asInstanceOf[Attr];
+ debug("Attribute name: '%s', has following values:".format(attribute.getID()))
+ var attrValues = List.empty[String]
+ for(i <- 0 until attribute.size()) {
+ debug("Attribute value: '%s'".format(attribute.get(i)))
+ attrValues ::= attribute.get(i).toString
+ }
+ attrsMap += (attribute.getID() -> attrValues)
+ }
+ }
+ }
+ attrsMap
+ }
+
// It's possible to get roles list from some external source
// for example from LDAP via Lift API
val rolesToCheck = List(
- "User", "Admin"
+ "esme-users"
)
- override def isDefault = false
+ override def isDefault = true
def loginPresentation: Box[NodeSeq] = Empty
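Review bot: `info("LDAP server password: %s".format(ldapSrvPwd))` in `myLdap` writes the directory bind password to the application log at info level, and because `myLdap` is a `def` called from `getAttrs`, it does so on every attribute lookup. That line should be dropped, since the remaining `info` lines are enough to diagnose configuration. In `getAttrs`, `who` is formatted into the DN unescaped, so a remote-user name containing DN metacharacters can alter which entry is read. `val dn = "%s=%s,%s".format(cnPrefix, Rdn.escapeValue(who), userBase)` with `javax.naming.ldap.Rdn` keeps it a single RDN value. The URL scheme is also fixed to `ldap://`, so there is no way to select LDAPS from configuration.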
@@ -293,13 +357,15 @@ object ContainerManagedAuthModule extend
S.request match {
case Full(req) => {
val httpRequest: HTTPRequest = req.request
- info("httpRequest: %s ".format(httpRequest))
val hrs = httpRequest.asInstanceOf[HTTPRequestServlet]
val hsr: HttpServletRequest = hrs.req
val username : String = hsr.getRemoteUser
+ debug("Username: '%s'".format(username))
if(username!=null){
val currentRoles = rolesToCheck.filter(hsr.isUserInRole(_))
+ info("User from HTTP Request: %s has following roles=%s".format(username, currentRoles))
if(currentRoles.size == 0) {
+ info("No roles have been found")
S.error(S.?("base_user_err_unknown_creds"))
} else {
currentRoles.map(cr => {
@@ -309,11 +375,21 @@ object ContainerManagedAuthModule extend
User.find(By(User.nickname, username))
} yield user) match {
case Full(user) => {
+ info("User: '%s' has been found".format(user.niceName))
logInUser(user)
}
case _ => {
val usr = User.createAndPopulate.nickname(username).saveMe
- //TODO: find and save additional attributes
+ //find and save additional attributes in LDAP if it's enabled
+ val ldapEnabled = S.?("ldap.enabled")
+ if(ldapEnabled.toBoolean) {
+ val ldapAttrs = getAttrs(username)
+ val firstName = ldapAttrs("givenName").head
+ val lastName = ldapAttrs("sn").head
+ val mail = ldapAttrs("mail").head
+ info("Attributes from LDAP for user '%s'. Firstname: '%s', lastname: '%s', email: '%s'".format(username, firstName, lastName, mail))
+ usr.firstName(firstName).lastName(lastName).save
+ }
UserAuth.create.authType(moduleName).user(usr).authKey(username).save
logInUser(usr)
}
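Review bot: `ldapAttrs("givenName").head`, `ldapAttrs("sn").head` and `ldapAttrs("mail").head` throw when the directory entry lacks an attribute or when `getAttrs` returns its empty map. They run after `saveMe` but before `UserAuth.create…save`, so a failed lookup leaves a saved user without its auth record. Reading them as `ldapAttrs.get("givenName").flatMap(_.headOption).getOrElse("")` (likewise for `sn` and `mail`) lets provisioning finish with empty fields. `ldapEnabled.toBoolean` fails the same way when the key is missing or is not a boolean literal, and `if (ldapEnabled.equalsIgnoreCase("true"))` avoids that. `mail` is read and logged but never stored on `usr`, and the `info` line puts name and e-mail into the log, where `debug` would suit better; the enclosing match continues outside the hunk.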