Posted to commits@directory.apache.org by pl...@apache.org on 2018/07/19 07:57:18 UTC
[2/2] directory-kerby git commit: DIRKRB-724 Replace JNDI with LDAP
API in LDAP plugin.
DIRKRB-724 Replace JNDI with LDAP API in LDAP plugin.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/54127a1d
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/54127a1d
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/54127a1d
Branch: refs/heads/kerby-2.0.0
Commit: 54127a1dc750856be384c0f29674268c5c9a3c61
Parents: d152636
Author: plusplusjiajia <ji...@intel.com>
Authored: Thu Jul 19 15:46:16 2018 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Thu Jul 19 15:46:16 2018 +0800
----------------------------------------------------------------------
.../org/apache/kerby/has/client/HasClient.java | 2 +-
has-project/has-plugins/pom.xml | 13 ++-
.../plugins/server/ldap/LDAPServerPlugin.java | 7 +-
.../has/plugins/server/ldap/LDAPUtils.java | 90 +++++++++-----------
.../server/ldap/conf/LDAPServerConf.java | 32 +++----
5 files changed, 72 insertions(+), 72 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/54127a1d/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java
----------------------------------------------------------------------
diff --git a/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java
index 66e150a..c59e70d 100755
--- a/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java
+++ b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java
@@ -317,7 +317,7 @@ public class HasClient {
} catch (HasException e) {
LOG.debug("Failed to handle response when requesting tgt ticket in client."
+ e.getMessage());
- throw new HasException(e);
+ throw new HasException(e.getMessage());
}
}
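Review bot: The new `throw new HasException(e.getMessage());` discards the caught exception as the cause, so the stack trace of the underlying failure is no longer attached to what propagates out of the client. The line it replaces kept the cause, and the message alone is already logged just above. If HasException offers a (String, Throwable) constructor, `throw new HasException(e.getMessage(), e);` preserves both the text and the cause chain. The enclosing method begins before this hunk.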
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/54127a1d/has-project/has-plugins/pom.xml
----------------------------------------------------------------------
diff --git a/has-project/has-plugins/pom.xml b/has-project/has-plugins/pom.xml
index 2d0a268..4665a97 100644
--- a/has-project/has-plugins/pom.xml
+++ b/has-project/has-plugins/pom.xml
@@ -38,12 +38,23 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
-
<dependency>
<groupId>org.ini4j</groupId>
<artifactId>ini4j</artifactId>
<version>0.5.4</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-client-api</artifactId>
+ <version>${ldap.api.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-codec-standalone</artifactId>
+ <version>1.0.0</version>
+ </dependency>
+
+
</dependencies>
</project>
\ No newline at end of file
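Review bot: The added api-ldap-codec-standalone dependency is pinned to the literal `<version>1.0.0</version>` while api-ldap-client-api right above it uses `${ldap.api.version}`; the codec and the client API come from the same release train and a differing property value would put mismatched artifacts on the classpath at runtime. Using `<version>${ldap.api.version}</version>` for both keeps them in step. The two blank lines added before `</dependencies>` look unintentional.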
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/54127a1d/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/LDAPServerPlugin.java
----------------------------------------------------------------------
diff --git a/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/LDAPServerPlugin.java b/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/LDAPServerPlugin.java
index 59d36d5..eb274dd 100755
--- a/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/LDAPServerPlugin.java
+++ b/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/LDAPServerPlugin.java
@@ -17,6 +17,7 @@
*/
package org.apache.kerby.has.plugins.server.ldap;
+import org.apache.kerby.has.common.HasException;
import org.apache.kerby.has.server.AbstractHasServerPlugin;
import org.apache.kerby.has.server.HasAuthenException;
import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
@@ -55,10 +56,10 @@ public class LDAPServerPlugin extends AbstractHasServerPlugin {
authToken.setExpirationTime(userToken.getExpiredTime());
authToken.addAttribute("passPhrase", pwd);
} else {
- throw new HasAuthenException("LDAP do user auth failed");
+ throw new HasAuthenException("LDAP user auth failed");
}
- } catch (Exception e) {
- throw new HasAuthenException("LDAP do user auth failed", e);
+ } catch (HasException e) {
+ throw new HasAuthenException("LDAP user auth failed. " + e.getMessage());
}
}
}
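Review bot: The new `catch (HasException e)` forwards `e.getMessage()` verbatim into the HasAuthenException, and doUserAuth in this commit produces distinct texts for an unknown user (`Please check your user name: ` plus the name) and for a wrong password; if that exception text reaches the caller, the authentication response lets a client tell valid user names from invalid ones. A single generic message for the caller, with the detail kept as the cause, avoids that and matches the constructor the removed line already used: `throw new HasAuthenException("LDAP user auth failed", e);`. Narrowing from Exception to HasException also means unchecked failures such as the NumberFormatException from the port parse in doUserAuth now escape this handler uncaught, which may or may not be intended. The enclosing method begins before this hunk.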
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/54127a1d/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/LDAPUtils.java
----------------------------------------------------------------------
diff --git a/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/LDAPUtils.java b/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/LDAPUtils.java
index 300fb2e..2534368 100644
--- a/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/LDAPUtils.java
+++ b/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/LDAPUtils.java
@@ -17,21 +17,19 @@
*/
package org.apache.kerby.has.plugins.server.ldap;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
+import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.api.ldap.model.name.Rdn;
+import org.apache.directory.api.ldap.model.password.PasswordUtil;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.apache.kerby.has.common.HasException;
import org.apache.kerby.has.plugins.server.ldap.conf.LDAPServerConf;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.naming.Context;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-import java.util.HashMap;
-import java.util.Hashtable;
-import java.util.Map;
-
public class LDAPUtils {
public static final Logger LOG = LoggerFactory.getLogger(LDAPUtils.class);
@@ -45,48 +43,38 @@ public class LDAPUtils {
}
}
- public static boolean doUserAuth(String user, String pwd) throws NamingException {
- Map env = new HashMap<>();
- env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
- env.put(Context.PROVIDER_URL, ldapServerConf.getLdapUrl());
- env.put(Context.SECURITY_AUTHENTICATION, "simple");
- env.put(Context.SECURITY_PRINCIPAL, ldapServerConf.getBindDN());
- env.put(Context.SECURITY_CREDENTIALS, ldapServerConf.getBindPwd());
- DirContext ctx = null;
-
- boolean ret = false;
+ public static boolean doUserAuth(String user, String pwd) throws HasException {
+ LdapNetworkConnection connection = new LdapNetworkConnection(
+ ldapServerConf.getHost(), Integer.parseInt(ldapServerConf.getPort()));
try {
- ctx = new InitialDirContext(new Hashtable<>(env));
- SearchControls ctls = new SearchControls();
- ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
- ctls.setReturningAttributes(new String[0]);
- ctls.setReturningObjFlag(true);
-
- String filter = String.format("(&(%s)(%s={0}))",
- ldapServerConf.getUserFilter(), ldapServerConf.getUserNameAttr());
- NamingEnumeration enm = ctx.search(
- ldapServerConf.getBaseDN(), filter, new String[]{user}, ctls);
- String dn = null;
- if (enm.hasMore()) {
- SearchResult result = (SearchResult) enm.next();
- dn = result.getNameInNamespace();
- System.out.println("dn: " + dn);
- }
- if (dn == null || enm.hasMore()) {
- throw new NamingException("Duplication user, Authentication failed");
+ connection.bind(ldapServerConf.getBindDN(), ldapServerConf.getBindPwd());
+ } catch (LdapException e) {
+ throw new HasException("Failed to bind. " + e.getMessage());
+ }
+ Dn dn;
+ try {
+ dn = new Dn(new Rdn(ldapServerConf.getUserNameAttr(), user),
+ new Dn(ldapServerConf.getBaseDN()));
+ } catch (LdapInvalidDnException e) {
+ throw new HasException(e.getMessage());
+ }
+ Entry entry;
+ try {
+ entry = connection.lookup(dn);
+ } catch (LdapException e) {
+ throw new HasException(e.getMessage());
+ }
+ if (entry == null) {
+ throw new HasException("Please check your user name: " + user);
+ }
+ try {
+ if (PasswordUtil.compareCredentials(pwd.getBytes(), entry.get("userpassword").getBytes())) {
+ return true;
+ } else {
+ throw new HasException("Wrong user password.");
}
- ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
- ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, pwd);
- ctx.lookup(dn);
- enm.close();
-
- ret = true;
- } catch (NamingException e) {
- System.out.println(e.getMessage());
- } finally {
- ctx.close();
+ } catch (LdapInvalidAttributeValueException e) {
+ throw new HasException(e.getMessage());
}
-
- return ret;
}
}
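Review bot: The `LdapNetworkConnection` created at the top of doUserAuth is never unbound or closed on any path, whereas the removed JNDI code closed its context in a `finally`; every authentication attempt leaks a socket. Putting the connection in a try-with-resources (LdapNetworkConnection is Closeable; if its close() throws IOException it needs catching or declaring) fixes that, and the same block can guard `entry.get("userpassword")`, which returns null when the attribute is absent or not readable by the bind DN and currently ends in a NullPointerException. `pwd.getBytes()` uses the platform default charset and should name `StandardCharsets.UTF_8` so the comparison does not depend on the JVM locale. Separately, comparing the stored userPassword value locally requires the bind DN to read password hashes and only covers the formats PasswordUtil understands; a bind as the resolved DN, as the old code did, leaves verification to the server.
```java
public static boolean doUserAuth(String user, String pwd) throws HasException {
    try (LdapNetworkConnection connection = new LdapNetworkConnection(
            ldapServerConf.getHost(), Integer.parseInt(ldapServerConf.getPort()))) {
        // … unchanged: bind, DN construction, lookup, null-entry check …
        Attribute stored = entry.get("userpassword");
        if (stored == null) {
            throw new HasException("No password stored for user: " + user);
        }
        if (!PasswordUtil.compareCredentials(pwd.getBytes(StandardCharsets.UTF_8), stored.getBytes())) {
            throw new HasException("Wrong user password.");
        }
        return true;
    } catch (LdapInvalidAttributeValueException e) {
        throw new HasException(e.getMessage());
    } catch (IOException e) {
        throw new HasException("Failed to close LDAP connection. " + e.getMessage());
    }
}
```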
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/54127a1d/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/conf/LDAPServerConf.java
----------------------------------------------------------------------
diff --git a/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/conf/LDAPServerConf.java b/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/conf/LDAPServerConf.java
index 134711f..fbea036 100644
--- a/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/conf/LDAPServerConf.java
+++ b/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/ldap/conf/LDAPServerConf.java
@@ -23,12 +23,12 @@ import java.io.File;
public class LDAPServerConf {
- private String userFilter = "objectclass=*";
private String userNameAttr = "sn";
- private String ldapUrl = null;
private String baseDN = null;
private String bindDN = null;
private String bindPwd = null;
+ private String host;
+ private String port;
public LDAPServerConf(String confDir) throws Exception {
if (confDir == null) {
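Review bot: The new `private String port;` keeps the port as text, so LDAPUtils re-parses it with Integer.parseInt on every authentication and a missing or non-numeric `port` key in ldap-server.ini only surfaces there as an unchecked NumberFormatException. Parsing once in the constructor and storing `private int port;` (with `getPort()` returning int) reports a bad configuration at startup with a clear message instead; `host` likewise has no default and should be checked for null when the ini key is absent. The constructor body that reads these keys starts in the next hunk.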
@@ -37,36 +37,36 @@ public class LDAPServerConf {
String confFile = confDir + "/ldap-server.ini";
Wini ini = new Wini(new File(confFile));
- userFilter = ini.get("users", "user_filter");
+ host = ini.get("ldap", "host");
+ port = ini.get("ldap", "port");
userNameAttr = ini.get("users", "user_name_attr");
- ldapUrl = ini.get("ldap", "ldap_url");
baseDN = ini.get("ldap", "base_dn");
bindDN = ini.get("ldap", "bind_dn");
bindPwd = ini.get("ldap", "bind_password");
}
- public String getUserFilter() {
- return userFilter;
+ public String getHost() {
+ return host;
}
- public void setUserFilter(String userFilter) {
- this.userFilter = userFilter;
+ public void setHost(String host) {
+ this.host = host;
}
- public String getUserNameAttr() {
- return userNameAttr;
+ public String getPort() {
+ return port;
}
- public void setUserNameAttr(String userNameAttr) {
- this.userNameAttr = userNameAttr;
+ public void setPort(String port) {
+ this.port = port;
}
- public String getLdapUrl() {
- return ldapUrl;
+ public String getUserNameAttr() {
+ return userNameAttr;
}
- public void setLdapUrl(String ldapUrl) {
- this.ldapUrl = ldapUrl;
+ public void setUserNameAttr(String userNameAttr) {
+ this.userNameAttr = userNameAttr;
}
public String getBaseDN() {