Posted to commits@directory.apache.org by ak...@apache.org on 2005/03/16 20:04:07 UTC
svn commit: r157788 - in directory/apacheds/trunk:
core/src/main/java/org/apache/ldap/server/
core/src/main/java/org/apache/ldap/server/auth/
core/src/main/java/org/apache/ldap/server/jndi/ main/
Author: akarasulu
Date: Wed Mar 16 11:04:02 2005
New Revision: 157788
URL: http://svn.apache.org/viewcvs?view=rev&rev=157788
Log:
changes ...
o committed Endi's patches as is but will do some modifications and moving
around of things after commit - use this as point of reference.
Here's the JIRA issue where the patch was contributed:
http://issues.apache.org/jira/browse/DIREVE-145
Endi,
You can track changes I make after this and discuss it with me on list.
Added:
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/Authenticator.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AuthenticatorConfig.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AuthenticatorContext.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/auth/AnonymousAuthenticator.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/auth/SimpleAuthenticator.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AuthenticatorConfigBuilder.java
Modified:
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/ContextPartitionConfig.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AuthenticationService.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/CoreContextFactory.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java
directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/PartitionConfigBuilder.java
directory/apacheds/trunk/main/project.xml
Added: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/Authenticator.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/Authenticator.java?view=auto&rev=157788
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/Authenticator.java (added)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/Authenticator.java Wed Mar 16 11:04:02 2005
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.ldap.server;
+
+import org.apache.ldap.server.jndi.ServerContext;
+import org.apache.ldap.server.auth.LdapPrincipal;
+
+import javax.naming.NamingException;
+
+
+/**
+ * Base class for all Authenticators.
+ *
+ * @author <a href="mailto:endisd@vergenet.com">Endi S. Dewata</a>
+ */
+public class Authenticator {
+
+ /** authenticator config */
+ public AuthenticatorConfig authenticatorConfig;
+ /** authenticator context */
+ public AuthenticatorContext authenticatorContext;
+ /** authenticator type */
+ public String type;
+
+ /**
+ * Create a new Authenticator.
+ *
+ * @param type authenticator's type
+ */
+ public Authenticator( String type )
+ {
+ this.type = type;
+ }
+
+ public AuthenticatorContext getAuthenticatorContext()
+ {
+ return authenticatorContext;
+ }
+
+ public String getType()
+ {
+ return type;
+ }
+
+ /**
+ * Called by the authenticator container to indicate that the authenticator is being placed into service.
+ *
+ * @param authenticatorConfig
+ * @throws NamingException
+ */
+ public void init( AuthenticatorConfig authenticatorConfig ) throws NamingException
+ {
+ this.authenticatorConfig = authenticatorConfig;
+ this.authenticatorContext = authenticatorConfig.getAuthenticatorContext();
+ init();
+ }
+
+ /**
+ * A convenience method which can be overridden so that there's no need to call super.init( authenticatorConfig ).
+ */
+ public void init() throws NamingException
+ {
+
+ }
+
+ /**
+ * Perform the authentication operation and return the authorization id if successfull.
+ *
+ * @param ctx
+ * @return the authorization id
+ * @throws NamingException
+ */
+ public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException
+ {
+ return null;
+ }
+
+}
\ No newline at end of file
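Review bot: The base `authenticate( ServerContext ctx )` returns `null`, and the loop in `AuthenticationService.invoke` later in this commit passes the result straight to `ctx.setPrincipal( authorizationId )` and returns as a successful bind, so a subclass that forgets to override the method would let every request through with a null principal. Declaring the class and the method abstract (`public abstract LdapPrincipal authenticate( ServerContext ctx ) throws NamingException;`) turns that mistake into a compile error; if a concrete default must stay, have it `throw new LdapAuthenticationException();` instead. The fields `authenticatorConfig`, `authenticatorContext` and `type` are also `public` and non-final, so any holder of the instance can swap the context after `init`; making them `private` and keeping the existing getters would be enough.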
Added: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AuthenticatorConfig.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AuthenticatorConfig.java?view=auto&rev=157788
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AuthenticatorConfig.java (added)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AuthenticatorConfig.java Wed Mar 16 11:04:02 2005
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.ldap.server;
+
+import java.util.Enumeration;
+import java.util.Properties;
+
+/**
+ * A configuration bean for Authenticators.
+ *
+ * @author <a href="mailto:endisd@vergenet.com">Endi S. Dewata</a>
+ */
+public class AuthenticatorConfig {
+
+ private String authenticatorName;
+ private String authenticatorClass;
+ private AuthenticatorContext authenticatorContext;
+ private Properties properties = new Properties();
+
+ public String getAuthenticatorName()
+ {
+ return authenticatorName;
+ }
+
+ public void setAuthenticatorName( String authenticatorName )
+ {
+ this.authenticatorName = authenticatorName;
+ }
+
+ public String getAuthenticatorClass()
+ {
+ return authenticatorClass;
+ }
+
+ public void setAuthenticatorClass( String authenticatorClass )
+ {
+ this.authenticatorClass = authenticatorClass;
+ }
+
+ public Properties getProperties()
+ {
+ return properties;
+ }
+
+ public void setProperties( Properties properties )
+ {
+ this.properties = properties;
+ }
+
+ public String getInitParameter( String name )
+ {
+ return properties.getProperty( name );
+ }
+
+ public Enumeration getInitParameterNames()
+ {
+ return properties.keys();
+ }
+
+ public AuthenticatorContext getAuthenticatorContext()
+ {
+ return authenticatorContext;
+ }
+
+ public void setAuthenticatorContext( AuthenticatorContext authenticatorContext )
+ {
+ this.authenticatorContext = authenticatorContext;
+ }
+}
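Review bot: `setProperties( Properties properties )` stores its argument unchecked, so a caller passing `null` makes later `getInitParameter` and `getInitParameterNames` calls fail with a NullPointerException; either reject null or fall back with `this.properties = ( properties == null ) ? new Properties() : properties;`. `getInitParameterNames()` returns `properties.keys()`, which skips keys held in a `Properties` defaults table, while `getInitParameter` (via `getProperty`) does consult defaults; `properties.propertyNames()` would keep the two consistent. None of the accessors has Javadoc; a one-line comment on `authenticatorClass` saying it is a fully qualified class name that `CoreContextFactory` loads with `Class.forName` would help whoever writes the configuration.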
Added: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AuthenticatorContext.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AuthenticatorContext.java?view=auto&rev=157788
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AuthenticatorContext.java (added)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/AuthenticatorContext.java Wed Mar 16 11:04:02 2005
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.ldap.server;
+
+/**
+ * Base class for all Authenticators.
+ *
+ * @author <a href="mailto:direct ory-dev@incubator.apache.org">Apache Directory Project</a>
+ * @version $Rev: 124525 $
+ */
+public class AuthenticatorContext {
+
+ /** the root nexus to all database partitions */
+ private RootNexus rootNexus;
+ /** whether or not to allow anonymous users */
+ private boolean allowAnonymous = false;
+
+ /**
+ * Create a new AuthenticatorContext.
+ */
+ public AuthenticatorContext()
+ {
+ }
+
+ public RootNexus getRootNexus()
+ {
+ return rootNexus;
+ }
+ public void setRootNexus( RootNexus rootNexus )
+ {
+ this.rootNexus = rootNexus;
+ }
+
+ public boolean getAllowAnonymous()
+ {
+ return allowAnonymous;
+ }
+
+ public void setAllowAnonymous( boolean allowAnonymous )
+ {
+ this.allowAnonymous = allowAnonymous;
+ }
+
+}
\ No newline at end of file
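Review bot: The class Javadoc `Base class for all Authenticators.` was copied from `Authenticator` and does not describe this type, which only carries the `RootNexus` and the `allowAnonymous` flag. Something like `/** Shared state handed to every Authenticator: the root nexus used for lookups and whether anonymous binds are allowed. */` would match what the fields show. The `$Rev: 124525 $` keyword also looks carried over from another file, since this one is added in r157788.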
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/ContextPartitionConfig.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/ContextPartitionConfig.java?view=diff&r1=157787&r2=157788
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/ContextPartitionConfig.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/ContextPartitionConfig.java Wed Mar 16 11:04:02 2005
@@ -88,7 +88,7 @@
return partitionClass;
}
- public void setPartitionClass(String partitionClass)
+ public void setPartitionClass( String partitionClass )
{
this.partitionClass = partitionClass;
}
@@ -98,7 +98,7 @@
return properties;
}
- public void setProperties(String properties)
+ public void setProperties( String properties )
{
this.properties = properties;
}
Added: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/auth/AnonymousAuthenticator.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/auth/AnonymousAuthenticator.java?view=auto&rev=157788
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/auth/AnonymousAuthenticator.java (added)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/auth/AnonymousAuthenticator.java Wed Mar 16 11:04:02 2005
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.ldap.server.auth;
+
+import org.apache.ldap.server.Authenticator;
+import org.apache.ldap.server.jndi.ServerContext;
+import org.apache.ldap.common.exception.LdapNoPermissionException;
+
+import javax.naming.NamingException;
+
+/**
+ * @author <a href="mailto:endisd@vergenet.com">Endi S. Dewata</a>
+ */
+public class AnonymousAuthenticator extends Authenticator {
+
+ public AnonymousAuthenticator( )
+ {
+ super( "none" );
+ }
+
+ public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException
+ {
+ if ( getAuthenticatorContext().getAllowAnonymous() )
+ {
+ return LdapPrincipal.ANONYMOUS ;
+ }
+ else
+ {
+ throw new LdapNoPermissionException( "Anonymous bind NOT permitted!" );
+ }
+ }
+}
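Review bot: `authenticate` dereferences `getAuthenticatorContext()` without a null check, and that field is only assigned in `Authenticator.init( AuthenticatorConfig )`, so an instance registered before `init` is called fails with a NullPointerException rather than a NamingException. The class has no description either; a Javadoc line such as `Grants LdapPrincipal.ANONYMOUS when the context allows anonymous binds, otherwise throws LdapNoPermissionException` would document the contract. The type string `"none"` is repeated as a literal in `AuthenticationService.invoke` and `CoreContextFactory`; a shared constant would keep the three in step.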
Added: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/auth/SimpleAuthenticator.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/auth/SimpleAuthenticator.java?view=auto&rev=157788
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/auth/SimpleAuthenticator.java (added)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/auth/SimpleAuthenticator.java Wed Mar 16 11:04:02 2005
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.ldap.server.auth;
+
+import org.apache.ldap.server.Authenticator;
+import org.apache.ldap.server.RootNexus;
+import org.apache.ldap.server.jndi.ServerContext;
+import org.apache.ldap.common.exception.LdapNameNotFoundException;
+import org.apache.ldap.common.exception.LdapAuthenticationException;
+import org.apache.ldap.common.util.ArrayUtils;
+import org.apache.ldap.common.name.LdapName;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.Attribute;
+
+/**
+ * @author <a href="mailto:endisd@vergenet.com">Endi S. Dewata</a>
+ */
+public class SimpleAuthenticator extends Authenticator {
+
+ public SimpleAuthenticator( )
+ {
+ super( "simple" );
+ }
+
+ public LdapPrincipal authenticate( ServerContext ctx ) throws NamingException
+ {
+ Object creds = ctx.getEnvironment().get( Context.SECURITY_CREDENTIALS );
+
+ if ( creds == null )
+ {
+ creds = ArrayUtils.EMPTY_BYTE_ARRAY;
+ }
+ else if ( creds instanceof String )
+ {
+ creds = ( ( String ) creds ).getBytes();
+ }
+
+ // let's get the principal now
+ String principal;
+ if ( ! ctx.getEnvironment().containsKey( Context.SECURITY_PRINCIPAL ) )
+ {
+ throw new LdapAuthenticationException();
+ }
+ else
+ {
+ principal = ( String ) ctx.getEnvironment().get( Context.SECURITY_PRINCIPAL );
+ if ( principal == null )
+ {
+ throw new LdapAuthenticationException();
+ }
+ }
+
+ LdapName principalDn = new LdapName( principal );
+ RootNexus rootNexus = getAuthenticatorContext().getRootNexus();
+ Attributes userEntry = rootNexus.lookup( principalDn );
+
+ if ( userEntry == null )
+ {
+ throw new LdapNameNotFoundException();
+ }
+
+ Object userPassword;
+ Attribute userPasswordAttr = userEntry.get( "userPassword" );
+ if ( userPasswordAttr == null )
+ {
+ userPassword = ArrayUtils.EMPTY_BYTE_ARRAY;
+ }
+ else
+ {
+ userPassword = userPasswordAttr.get();
+ if ( userPassword instanceof String )
+ {
+ userPassword = ( ( String ) userPassword ).getBytes();
+ }
+ }
+
+ if ( ! ArrayUtils.isEquals( creds, userPassword ) )
+ {
+ throw new LdapAuthenticationException();
+ }
+
+ return new LdapPrincipal( principalDn );
+ }
+}
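Review bot: An entry with no `userPassword` attribute is treated as having the empty password, because both the missing attribute and missing credentials are mapped to `ArrayUtils.EMPTY_BYTE_ARRAY` before `ArrayUtils.isEquals` runs, so a simple bind with empty or absent credentials succeeds against any such entry. Fail the bind instead, e.g. `if ( userPasswordAttr == null ) { throw new LdapAuthenticationException(); }`, and reject zero-length credentials before the lookup. An unknown principal throws `LdapNameNotFoundException`, which tells the client the DN does not exist and is not caught by the `catch ( LdapAuthenticationException e )` in `AuthenticationService.invoke`, so later authenticators of type `simple` are never tried; throwing `LdapAuthenticationException` in both cases avoids both problems. The two `getBytes()` calls use the platform charset, and the comparison is presumably not constant-time (the `ArrayUtils` source is not shown), so an explicit `getBytes( "UTF-8" )` and a constant-time compare are worth considering.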
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AuthenticationService.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AuthenticationService.java?view=diff&r1=157787&r2=157788
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AuthenticationService.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AuthenticationService.java Wed Mar 16 11:04:02 2005
@@ -19,19 +19,19 @@
import javax.naming.Context;
import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
import org.apache.ldap.common.exception.LdapAuthenticationException;
import org.apache.ldap.common.exception.LdapAuthenticationNotSupportedException;
-import org.apache.ldap.common.exception.LdapNameNotFoundException;
-import org.apache.ldap.common.exception.LdapNoPermissionException;
import org.apache.ldap.common.message.ResultCodeEnum;
-import org.apache.ldap.common.name.LdapName;
-import org.apache.ldap.common.util.ArrayUtils;
-import org.apache.ldap.server.RootNexus;
+import org.apache.ldap.common.util.StringTools;
import org.apache.ldap.server.auth.LdapPrincipal;
+import org.apache.ldap.server.Authenticator;
+import java.util.Map;
+import java.util.LinkedHashMap;
+import java.util.Collection;
+import java.util.ArrayList;
+import java.util.Iterator;
/**
* A service used to for authenticating users.
@@ -48,23 +48,65 @@
/** short for Context.SECURITY_CREDENTIALS */
private static final String CREDS = Context.SECURITY_CREDENTIALS;
- /** the root nexus to all database partitions */
- private final RootNexus nexus;
- /** whether or not to allow anonymous users */
- private boolean allowAnonymous = false;
+ /** authenticators **/
+ public Map authenticators = new LinkedHashMap();
/**
* Creates an authentication service interceptor.
+ */
+ public AuthenticationService()
+ {
+ }
+
+ /**
+ * Registers an Authenticator with this AuthenticatorService. Called by each
+ * Authenticator implementation after it has started to register for
+ * authentication operation calls.
*
- * @param nexus the root nexus to access all database partitions
+ * @param authenticator Authenticator component to register with this
+ * AuthenticatorService.
*/
- public AuthenticationService( RootNexus nexus, boolean allowAnonymous )
+ public void register( Authenticator authenticator )
{
- this.nexus = nexus;
- this.allowAnonymous = allowAnonymous;
+ Collection authenticatorList = getAuthenticators( authenticator.getType() );
+ if ( authenticatorList == null )
+ {
+ authenticatorList = new ArrayList();
+ authenticators.put( authenticator.getType(), authenticatorList );
+ }
+ authenticatorList.add( authenticator );
}
+ /**
+ * Unregisters an Authenticator with this AuthenticatorService. Called for each
+ * registered Authenticator right before it is to be stopped. This prevents
+ * protocol server requests from reaching the Backend and effectively puts
+ * the ContextPartition's naming context offline.
+ *
+ * @param authenticator Authenticator component to unregister with this
+ * AuthenticatorService.
+ */
+ public void unregister( Authenticator authenticator )
+ {
+ Collection authenticatorList = getAuthenticators( authenticator.getType() );
+ if ( authenticatorList == null )
+ {
+ return;
+ }
+ authenticatorList.remove( authenticator );
+ }
+
+ /**
+ * Gets the authenticators with a specific type.
+ *
+ * @param type the authentication type
+ * @return the authenticators with the specified type
+ */
+ public Collection getAuthenticators( String type )
+ {
+ return (Collection)authenticators.get( type );
+ }
public void invoke( Invocation invocation ) throws NamingException
{
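Review bot: The registry is declared `public Map authenticators = new LinkedHashMap();`, so any code holding the service can replace or clear the set of authenticators, and `register`/`unregister` mutate it with no synchronization; `private final Map authenticators` plus synchronized access would close both gaps if binds can run while authenticators are being registered. `register` also does not reject a null authenticator or a null `getType()`. The Javadoc on `unregister` still talks about the Backend and the ContextPartition's naming context going offline, which looks copied from the partition code; it should say that the authenticator stops receiving authentication calls. `invoke` begins on the last lines of this hunk and continues outside it.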
@@ -87,117 +129,66 @@
return;
}
- // check the kind of authentication being performed
- if ( ctx.getEnvironment().containsKey( AUTH_TYPE ) )
- {
- // authentication type can be anything
+ String authList = ( String ) ctx.getEnvironment().get( AUTH_TYPE );
- String auth = ( String ) ctx.getEnvironment().get( AUTH_TYPE );
- if ( auth.equalsIgnoreCase( "none" ) )
- {
- doAuthNone( ctx );
- }
- else if ( auth.equalsIgnoreCase( "simple" ) )
+ if ( authList == null )
+ {
+ if ( ctx.getEnvironment().containsKey( CREDS ) )
{
- doAuthSimple( ctx );
+ // authentication type is simple here
+ authList = "simple";
}
else
{
- doAuthSasl( ctx );
+ // authentication type is anonymous
+ authList = "none";
}
- }
- else if ( ctx.getEnvironment().containsKey( CREDS ) )
- {
- // authentication type is simple here
- doAuthSimple( ctx );
- }
- else
- {
- // authentication type is anonymous
- doAuthNone( ctx );
- }
- // remove creds so there is no security risk
- ctx.removeFromEnvironment( CREDS );
- }
-
-
- private void doAuthSasl( ServerContext ctx ) throws NamingException
- {
- ctx.getEnvironment(); // shut's up idea's yellow light
- ResultCodeEnum rc = ResultCodeEnum.AUTHMETHODNOTSUPPORTED;
- throw new LdapAuthenticationNotSupportedException( rc );
- }
-
-
- private void doAuthNone( ServerContext ctx ) throws NamingException
- {
- if ( allowAnonymous )
- {
- ctx.setPrincipal( LdapPrincipal.ANONYMOUS );
- }
- else
- {
- throw new LdapNoPermissionException( "Anonymous bind NOT permitted!" );
}
- }
+ authList = StringTools.deepTrim( authList );
+ String[] auth = authList.split( " " );
- private void doAuthSimple( ServerContext ctx ) throws NamingException
- {
- Object creds = ctx.getEnvironment().get( CREDS );
+ Collection authenticators = null;
- if ( creds == null )
- {
- creds = ArrayUtils.EMPTY_BYTE_ARRAY;
- }
- else if ( creds instanceof String )
+ // pick the first matching authenticator type
+ for ( int i=0; i<auth.length; i++)
{
- creds = ( ( String ) creds ).getBytes();
+ authenticators = getAuthenticators( auth[i] );
+ if ( authenticators != null ) break;
}
- // let's get the principal now
- String principal;
- if ( ! ctx.getEnvironment().containsKey( PRINCIPAL ) )
+ if ( authenticators == null )
{
- throw new LdapAuthenticationException();
+ ctx.getEnvironment(); // shut's up idea's yellow light
+ ResultCodeEnum rc = ResultCodeEnum.AUTHMETHODNOTSUPPORTED;
+ throw new LdapAuthenticationNotSupportedException( rc );
}
- else
+
+ // try each authenticators
+ for ( Iterator i = authenticators.iterator(); i.hasNext(); )
{
- principal = ( String ) ctx.getEnvironment().get( PRINCIPAL );
- if ( principal == null )
+ try
{
- throw new LdapAuthenticationException();
- }
- }
+ Authenticator authenticator = ( Authenticator ) i.next();
- LdapName principalDn = new LdapName( principal );
- Attributes userEntry = nexus.lookup( principalDn );
- if ( userEntry == null )
- {
- throw new LdapNameNotFoundException();
- }
+ // perform the authentication
+ LdapPrincipal authorizationId = authenticator.authenticate( ctx );
- Object userPassword;
- Attribute userPasswordAttr = userEntry.get( "userPassword" );
- if ( userPasswordAttr == null )
- {
- userPassword = ArrayUtils.EMPTY_BYTE_ARRAY;
- }
- else
- {
- userPassword = userPasswordAttr.get();
- if ( userPassword instanceof String )
+ // authentication was successful
+ ctx.setPrincipal( authorizationId );
+
+ // remove creds so there is no security risk
+ ctx.removeFromEnvironment( CREDS );
+
+ return;
+ }
+ catch ( LdapAuthenticationException e )
{
- userPassword = ( ( String ) userPassword ).getBytes();
+ // authentication failed, try the next authenticator
}
}
- if ( ! ArrayUtils.isEquals( creds, userPassword ) )
- {
- throw new LdapAuthenticationException();
- }
-
- ctx.setPrincipal( new LdapPrincipal( principalDn ) );
+ throw new LdapAuthenticationException();
}
}
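Review bot: The lookup `getAuthenticators( auth[i] )` is an exact, case-sensitive map match, whereas the removed code compared with `equalsIgnoreCase( "none" )` and `equalsIgnoreCase( "simple" )`, so a client sending `Simple` now gets AUTHMETHODNOTSUPPORTED; normalise on both sides, e.g. `getAuthenticators( auth[i].toLowerCase() )` here and the same in `register`. `ctx.removeFromEnvironment( CREDS )` runs only on the success path, so after a failed bind the credentials stay in the context environment; moving it into a `finally` around the loop clears them in every case. The local `Collection authenticators` shadows the field of the same name, and the final `throw new LdapAuthenticationException()` discards the exceptions caught in the loop, which makes failed binds hard to diagnose. The body of `invoke` starts outside this hunk.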
Added: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AuthenticatorConfigBuilder.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AuthenticatorConfigBuilder.java?view=auto&rev=157788
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AuthenticatorConfigBuilder.java (added)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/AuthenticatorConfigBuilder.java Wed Mar 16 11:04:02 2005
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.ldap.server.jndi;
+
+
+import java.util.Hashtable;
+import java.util.Properties;
+import java.io.FileInputStream;
+
+import org.apache.ldap.common.util.StringTools;
+import org.apache.ldap.server.AuthenticatorConfig;
+
+import javax.naming.NamingException;
+
+
+/**
+ * An authenticator configuration builder which produces AuthenticatorConfig
+ * objects from various configuration formats, namely Hashtables.
+ *
+ * @author <a href="mailto:endisd@vergenet.com">Endi S. Dewata</a>
+ */
+public class AuthenticatorConfigBuilder
+{
+ /** keep this so we do not have create empty ones over and over again */
+ private final static AuthenticatorConfig[] EMPTY = new AuthenticatorConfig[0];
+
+
+ /**
+ * Extracts properties from a Hashtable and builds a configuration bean for
+ * an Authenticator.
+ *
+ * @param authenticatorName the name of the authenticator to extract configs for
+ * @param env the Hastable containing usually JNDI environment settings
+ * @return the extracted configuration object
+ * @throws javax.naming.NamingException
+ */
+ public static AuthenticatorConfig getAuthenticatorConfig( String authenticatorName, Hashtable env )
+ throws NamingException
+ {
+ final StringBuffer buf = new StringBuffer();
+ final AuthenticatorConfig config = new AuthenticatorConfig();
+
+ // --------------------------------------------------------------------
+ // set id for authenticator
+ // --------------------------------------------------------------------
+
+ config.setAuthenticatorName( authenticatorName );
+
+ // --------------------------------------------------------------------
+ // set authenticator class
+ // --------------------------------------------------------------------
+
+ buf.setLength( 0 );
+ buf.append( EnvKeys.AUTHENTICATOR_CLASS ).append( authenticatorName );
+ String authenticatorClass = ( String ) env.get( buf.toString() );
+
+ if ( authenticatorClass != null )
+ {
+ config.setAuthenticatorClass( authenticatorClass );
+ }
+
+ // --------------------------------------------------------------------
+ // set authenticator properties
+ // --------------------------------------------------------------------
+
+ buf.setLength( 0 );
+ buf.append( EnvKeys.AUTHENTICATOR_PROPERTIES ).append( authenticatorName );
+ String propertiesFile = ( String ) env.get( buf.toString() );
+
+ if ( propertiesFile != null )
+ {
+ try
+ {
+ Properties properties = config.getProperties();
+ properties.load( new FileInputStream( propertiesFile ) );
+ config.setProperties( properties );
+ }
+ catch ( Exception e )
+ {
+ throw new NamingException( e.getMessage() );
+ }
+ }
+
+ return config;
+ }
+
+
+ /**
+ * Extracts properties from a Hashtable and builds a set of configurations
+ * bean for Authenticators.
+ *
+ * @param env the Hastable containing usually JNDI environment settings
+ * @return all the extracted configuration objects configured
+ * @throws javax.naming.NamingException
+ */
+ public static AuthenticatorConfig[] getAuthenticatorConfigs( Hashtable env )
+ throws NamingException
+ {
+ String idList = ( String ) env.get( EnvKeys.AUTHENTICATORS );
+
+ // return empty array when we got nothin to work with!
+ if ( idList == null || idList.trim().length() == 0 )
+ {
+ return EMPTY;
+ }
+
+ idList = StringTools.deepTrim( idList );
+ final String[] ids = idList.split( " " );
+ final AuthenticatorConfig[] configs = new AuthenticatorConfig[ids.length];
+ for ( int ii = 0; ii < configs.length; ii++ )
+ {
+ configs[ii] = getAuthenticatorConfig( ids[ii], env );
+ }
+
+ return configs;
+ }
+}
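Review bot: The stream opened by `new FileInputStream( propertiesFile )` in `getAuthenticatorConfig` is never closed, so each configured authenticator leaks a file handle, and `catch ( Exception e )` rethrows only `e.getMessage()`, which loses the cause and can be null. Close the stream in a `finally` block and attach the cause with `setRootCause`, as sketched below (this needs `java.io.IOException` imported). The path comes straight from the environment entry built from `EnvKeys.AUTHENTICATOR_PROPERTIES`, so it is worth documenting that the file should be readable only by the server account if it may hold authenticator secrets. `getAuthenticatorConfig` also leaves `authenticatorClass` null when the key is absent, which `CoreContextFactory` then passes to `Class.forName`.

```java
        if ( propertiesFile != null )
        {
            FileInputStream in = null;
            try
            {
                in = new FileInputStream( propertiesFile );
                config.getProperties().load( in );
            }
            catch ( IOException e )
            {
                NamingException ne = new NamingException(
                    "Cannot load authenticator properties for " + authenticatorName );
                ne.setRootCause( e );
                throw ne;
            }
            finally
            {
                if ( in != null )
                {
                    try
                    {
                        in.close();
                    }
                    catch ( IOException ignored )
                    {
                        // best effort: the load has already succeeded or already failed
                    }
                }
            }
        }

        // … unchanged: return config …
```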
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/CoreContextFactory.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/CoreContextFactory.java?view=diff&r1=157787&r2=157788
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/CoreContextFactory.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/CoreContextFactory.java Wed Mar 16 11:04:02 2005
@@ -39,11 +39,9 @@
import org.apache.ldap.common.schema.Normalizer;
import org.apache.ldap.common.util.DateUtils;
import org.apache.ldap.common.util.StringTools;
-import org.apache.ldap.server.ApplicationPartition;
-import org.apache.ldap.server.ContextPartition;
-import org.apache.ldap.server.ContextPartitionConfig;
-import org.apache.ldap.server.RootNexus;
-import org.apache.ldap.server.SystemPartition;
+import org.apache.ldap.server.*;
+import org.apache.ldap.server.auth.AnonymousAuthenticator;
+import org.apache.ldap.server.auth.SimpleAuthenticator;
import org.apache.ldap.server.db.Database;
import org.apache.ldap.server.db.DefaultSearchEngine;
import org.apache.ldap.server.db.ExpressionEnumerator;
@@ -503,9 +501,64 @@
boolean allowAnonymous = !initialEnv.containsKey( EnvKeys.DISABLE_ANONYMOUS );
- Interceptor interceptor = new AuthenticationService( nexus, allowAnonymous );
+ AuthenticationService authenticationService = new AuthenticationService();
- provider.addInterceptor( interceptor, state );
+ // create authenticator context
+ AuthenticatorContext authenticatorContext = new AuthenticatorContext();
+ authenticatorContext.setRootNexus( nexus );
+ authenticatorContext.setAllowAnonymous( allowAnonymous );
+
+ try // initialize default authenticators
+ {
+ // create anonymous authenticator
+ AuthenticatorConfig authenticatorConfig = new AuthenticatorConfig();
+ authenticatorConfig.setAuthenticatorName( "none" );
+ authenticatorConfig.setAuthenticatorContext( authenticatorContext );
+
+ Authenticator authenticator = new AnonymousAuthenticator();
+ authenticator.init( authenticatorConfig );
+ authenticationService.register( authenticator );
+
+ // create simple authenticator
+ authenticatorConfig = new AuthenticatorConfig();
+ authenticatorConfig.setAuthenticatorName( "simple" );
+ authenticatorConfig.setAuthenticatorContext( authenticatorContext );
+
+ authenticator = new SimpleAuthenticator();
+ authenticator.init( authenticatorConfig );
+ authenticationService.register( authenticator );
+ }
+ catch ( Exception e )
+ {
+ throw new NamingException( e.getMessage() );
+ }
+
+ AuthenticatorConfig[] configs = null;
+ configs = AuthenticatorConfigBuilder
+ .getAuthenticatorConfigs( initialEnv );
+
+ for ( int ii = 0; ii < configs.length; ii++ )
+ {
+ try
+ {
+ configs[ii].setAuthenticatorContext( authenticatorContext );
+
+ String authenticatorClass = configs[ii].getAuthenticatorClass();
+ Class clazz = Class.forName( authenticatorClass );
+ Constructor constructor = clazz.getConstructor( new Class[] { } );
+
+ Authenticator authenticator = ( Authenticator ) constructor.newInstance( new Object[] { } );
+ authenticator.init( configs[ii] );
+
+ authenticationService.register( authenticator );
+ }
+ catch ( Exception e )
+ {
+ e.printStackTrace();
+ }
+ }
+
+ provider.addInterceptor( authenticationService, state );
/*
* Create and add the Eve Exception service interceptor to both the
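Review bot: In the loop over `configs`, any failure to load or initialise a configured authenticator is only reported with `e.printStackTrace()` and the server carries on with the built-in `none` and `simple` authenticators, so an operator who configured a stricter authenticator gets no startup error when it is missing. Fail startup instead: `NamingException ne = new NamingException( "Cannot load authenticator " + configs[ii].getAuthenticatorName() ); ne.setRootCause( e ); throw ne;`. `getAuthenticatorClass()` can be null (the builder only sets it when the key exists), and the constructor of whatever class name the environment supplies runs before the cast to `Authenticator` is checked, so test for null and `Authenticator.class.isAssignableFrom( clazz )` before calling `newInstance`. The enclosing method starts and ends outside this hunk.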
@@ -515,7 +568,7 @@
FilterService filterService = new FilterServiceImpl();
- interceptor = ( Interceptor ) filterService;
+ Interceptor interceptor = ( Interceptor ) filterService;
provider.addInterceptor( interceptor, state );
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java?view=diff&r1=157787&r2=157788
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/EnvKeys.java Wed Mar 16 11:04:02 2005
@@ -45,6 +45,12 @@
public static final String SCHEMAS = "server.schemas";
/** bootstrap prop: if key is present it enables anonymous users */
public static final String DISABLE_ANONYMOUS = "server.disable.anonymous";
+ /** a comma separated list of authenticator names */
+ public static final String AUTHENTICATORS = "server.authenticators";
+ /** the envprop key base to the authenticator implementation class */
+ public static final String AUTHENTICATOR_CLASS = "server.authenticator.class.";
+ /** the envprop key base to the properties of an authenticator */
+ public static final String AUTHENTICATOR_PROPERTIES = "server.authenticator.properties.";
// ------------------------------------------------------------------------
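Review bot: The comment on `AUTHENTICATORS` says `a comma separated list of authenticator names`, but `AuthenticatorConfigBuilder.getAuthenticatorConfigs` splits the value with `idList.split( " " )`, so a comma-separated value would be read as one authenticator name. Change the comment to `/** a space separated list of authenticator names */`. The unchanged comment above `DISABLE_ANONYMOUS` says the key enables anonymous users while `CoreContextFactory` uses its presence to disable them; it is context here but worth correcting in the same pass.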
@@ -71,7 +77,7 @@
/** the envprop key base to the implementation of a partition */
public static final String PARTITION_CLASS = "server.db.partition.class.";
/** the envprop key base to the properties of a partition */
- public static final String PROPERTIES = "server.db.partition.properties.";
+ public static final String PARTITION_PROPERTIES = "server.db.partition.properties.";
/** the envprop key base to the space separated list of indices for a partition */
public static final String INDICES = "server.db.partition.indices.";
/** the envprop key base to the Attributes for the context nexus entry */
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/PartitionConfigBuilder.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/PartitionConfigBuilder.java?view=diff&r1=157787&r2=157788
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/PartitionConfigBuilder.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/ldap/server/jndi/PartitionConfigBuilder.java Wed Mar 16 11:04:02 2005
@@ -93,7 +93,7 @@
// --------------------------------------------------------------------
buf.setLength( 0 );
- buf.append( EnvKeys.PROPERTIES ).append( id );
+ buf.append( EnvKeys.PARTITION_PROPERTIES ).append( id );
String properties = ( String ) env.get( buf.toString() );
if ( properties != null )
Modified: directory/apacheds/trunk/main/project.xml
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/main/project.xml?view=diff&r1=157787&r2=157788
==============================================================================
--- directory/apacheds/trunk/main/project.xml (original)
+++ directory/apacheds/trunk/main/project.xml Wed Mar 16 11:04:02 2005
@@ -88,8 +88,8 @@
<version>0.9-SNAPSHOT</version>
</dependency>
<dependency>
- <groupId>directory</groupId>
- <artifactId>apacheds-protocol</artifactId>
+ <groupId>directory-protocols</groupId>
+ <artifactId>ldap-protocol</artifactId>
<version>0.9-SNAPSHOT</version>
</dependency>
<dependency>