Posted to commits@juddi.apache.org by al...@apache.org on 2013/05/31 01:05:17 UTC
svn commit: r1488044 - in /juddi/trunk/juddi-core/src:
main/java/org/apache/juddi/config/ main/java/org/apache/juddi/v3/auth/
test/resources/
Author: alexoree
Date: Thu May 30 23:05:16 2013
New Revision: 1488044
URL: http://svn.apache.org/r1488044
Log:
Adding an expanded LDAP Authenticator which uses a simple string-format template so users can sign in with a common name instead of a full DN
Adding configuration items for the LdapSimpleAuthenticator, some values were hard coded
This is for JUDDI-405
Added:
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapExpandedAuthenticator.java
- copied, changed from r1487989, juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java
Modified:
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java
juddi/trunk/juddi-core/src/test/resources/juddiv3.properties
Modified: juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java?rev=1488044&r1=1488043&r2=1488044&view=diff
==============================================================================
--- juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java (original)
+++ juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java Thu May 30 23:05:16 2013
@@ -1,15 +1,36 @@
package org.apache.juddi.config;
import org.apache.juddi.v3.auth.CryptedXMLDocAuthenticator;
+import org.apache.juddi.v3.auth.LdapExpandedAuthenticator;
+import org.apache.juddi.v3.auth.LdapSimpleAuthenticator;
import org.apache.juddi.v3.auth.MD5XMLDocAuthenticator;
+/**
+ * This defines constants used for accessing information from jUDDI's juddiv3.properties file
+ * @author various
+ */
public interface Property {
public final static String JDDU_SUBSCRIPTION_MAXENTITIES="juddi.subscription.maxentities";
public final static String JUDDI_ROOT_PUBLISHER = "juddi.root.publisher";
public final static String JUDDI_LOAD_INSTALL_DATA = "juddi.load.install.data";
public final static String JUDDI_PERSISTENCEUNIT_NAME = "juddi.persistenceunit.name";
public final static String JUDDI_AUTHENTICATOR = "juddi.authenticator";
+ /**
+ * @see LdapSimpleAuthenticator
+ */
public final static String JUDDI_AUTHENTICATOR_URL = "juddi.authenticator.url";
+ /**
+ * @see LdapSimpleAuthenticator
+ */
+ public final static String JUDDI_AUTHENTICATOR_INITIAL_CONTEXT = "juddi.authenticator.initialcontext";
+ /**
+ * @see LdapSimpleAuthenticator
+ */
+ public final static String JUDDI_AUTHENTICATOR_STYLE = "juddi.authenticator.style";
+ /**
+ * @see LdapExpandedAuthenticator
+ */
+ public final static String JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR= "juddi.authenticator.ldapexp";
public final static String JUDDI_CONFIGURATION_RELOAD_DELAY = "juddi.configuration.reload.delay";
public final static String JUDDI_LOCALE = "juddi.locale";
public final static String JUDDI_OPERATOR_EMAIL_ADDRESS = "juddi.operatorEmailAddress";
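Review bot: The new constant JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR carries only an `@see`, yet the value is a `String.format` template whose contract (exactly one `%s`, receiving the raw requestor username) is what an operator needs before setting it. I would replace the Javadoc with `/** String.format template for the LDAP bind principal, e.g. "CN=%s,OU=Users,DC=example"; must contain exactly one %s, which receives the requestor's username as entered. @see LdapExpandedAuthenticator */`. The same applies to JUDDI_AUTHENTICATOR_STYLE, which is passed straight through as Context.SECURITY_AUTHENTICATION and deserves a one-line note that `none` makes the bind anonymous.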
Copied: juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapExpandedAuthenticator.java (from r1487989, juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java)
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapExpandedAuthenticator.java?p2=juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapExpandedAuthenticator.java&p1=juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java&r1=1487989&r2=1488044&rev=1488044&view=diff
==============================================================================
--- juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java (original)
+++ juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapExpandedAuthenticator.java Thu May 30 23:05:16 2013
@@ -15,7 +15,9 @@
*/
package org.apache.juddi.v3.auth;
+import java.util.HashMap;
import java.util.Hashtable;
+import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingException;
@@ -24,7 +26,6 @@ import javax.naming.ldap.LdapContext;
import javax.persistence.EntityManager;
import javax.persistence.EntityTransaction;
-import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -41,40 +42,41 @@ import org.apache.juddi.v3.error.Unknown
import org.apache.commons.configuration.ConfigurationException;
/**
- * This is a implementation of jUDDI's Authenticator interface, that uses the
- * LDAP.
+ * This is an expanded implementation of jUDDI's Authenticator interface, that uses the
+ * LDAP with string formatting to enable users to sign in as a common name instead of the full
+ * distinguished name.
*
* Usage:
*
* To use this class you must add the following properties to the
* juddiv3.properties file:
*
- * # The JBoss Authenticator
+ * # The LDAP Authenticator
* juddi.authenticator=org.apache.juddi.v3.auth.LdapSimpleAuthenticator
*
* # LDAP authentication URL
* juddi.authenticator.url=ldap://localhost:389
*
- * This authenticator assumes that the publisher username is the same as the LDAP
- * principal name, which may not be the case as the LDAP principal might be a bind name.
- * This class could easily be extended so that the uid of the LDAP authenticated user is
- * used, or to authenticate by group.
+ * juddi.authenticator.ldapexp=CN=%s, OU=Users,DC=Domain, etc
+ *
+ * This authenticator assumes that the publisher username can be reformatted to a LDAP
+ * common name. This is common for Microsoft based LDAPs. The configuration item juddi.authenticator.ldapexp
+ * should contain exactly one instance of "%s", which is replaced by the requestor's username
*
- * This class was tested with OpenLDAP.
*
- * @author <a href="mailto:tcunning@apache.org">Tom Cunningham</a>
- * @author <a href="mailto:gunnlaugursig@gmail.com">Gunnlaugur Sigurðsson</a>
+ * @author Alex O'Ree
*/
-public class LdapSimpleAuthenticator implements Authenticator {
+public class LdapExpandedAuthenticator implements Authenticator {
private Log logger = LogFactory.getLog(this.getClass());
private LdapContext ctx = null;
+ //this needs to be a Hashtable, HashMap won't work here
private Hashtable<String, String> env = null;
private String url = null;
private static final String DEFAULT_URL = "ldap://localhost:389";
- public LdapSimpleAuthenticator() throws NamingException {
+ public LdapExpandedAuthenticator() throws NamingException, ConfigurationException {
String authURL = null;
try {
authURL = AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_URL, DEFAULT_URL);
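Review bot: The usage example in the new class Javadoc still reads `juddi.authenticator=org.apache.juddi.v3.auth.LdapSimpleAuthenticator`, a leftover from the file this class was copied from; it should be `juddi.authenticator=org.apache.juddi.v3.auth.LdapExpandedAuthenticator`, otherwise an operator following the doc never loads this class. The paragraph describing `juddi.authenticator.ldapexp` should also state that the username is substituted into the DN exactly as entered, so the template author must not assume it is a single RDN value unless the authenticator escapes it. The constructor that begins at the end of this hunk continues outside it.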
@@ -85,14 +87,14 @@ public class LdapSimpleAuthenticator imp
init(authURL);
}
- public LdapSimpleAuthenticator(String url) throws NamingException {
+ public LdapExpandedAuthenticator(String url) throws NamingException, ConfigurationException {
init(url);
}
- public void init(String url) throws NamingException {
+ public void init(String url) throws NamingException, ConfigurationException {
env = new Hashtable<String, String>();
- env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
- env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.INITIAL_CONTEXT_FACTORY, AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_INITIAL_CONTEXT, "com.sun.jndi.ldap.LdapCtxFactory"));
+ env.put(Context.SECURITY_AUTHENTICATION, AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_STYLE, "simple"));
env.put(Context.PROVIDER_URL, url); // organization ldap url, example ldap://localhost:389
this.url = url;
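Review bot: init(String) now reads the initial-context and style properties but never reads or validates `juddi.authenticator.ldapexp`, so a missing template or one without `%s` only surfaces on the first login attempt, inside authenticate, where it is reported as an UnknownUserException for that user. Since init already declares ConfigurationException, a startup check such as `String t = AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR); if (t == null || !t.contains("%s")) throw new ConfigurationException(Property.JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR + " must contain exactly one %s");` would fail fast with an actionable message. Note also that the env built here appears to be rebuilt from scratch in authenticate, so the values read in init are never used for the bind; the remainder of init lies outside this hunk.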
@@ -114,19 +116,26 @@ public class LdapSimpleAuthenticator imp
boolean isLdapUser = false;
try {
env = new Hashtable<String, String>();
- env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
- env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.INITIAL_CONTEXT_FACTORY, AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_INITIAL_CONTEXT, "com.sun.jndi.ldap.LdapCtxFactory"));
+ env.put(Context.SECURITY_AUTHENTICATION, AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_STYLE, "simple"));
+
env.put(Context.PROVIDER_URL, url); // organization ldap url, example ldap://localhost:389
- env.put(Context.SECURITY_PRINCIPAL, authorizedName);
- env.put(Context.SECURITY_CREDENTIALS, cred);
+ String format = String.format(AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR), authorizedName);
+
+ env.put(Context.SECURITY_PRINCIPAL, format);
+ env.put(Context.SECURITY_CREDENTIALS, cred);
ctx = new InitialLdapContext(env, null);
isLdapUser = true;
logger.info(authorizedName + " is authenticated");
- } catch (NamingException e) {
+ } catch (ConfigurationException e) {
+ logger.error(authorizedName + " is not authenticated", e);
+ throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
+ }
+ catch (NamingException e) {
logger.error(authorizedName + " is not authenticated");
throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
- } finally {
+ }finally {
try {
ctx.close();
} catch (NamingException e) {
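Review bot: `String.format(template, authorizedName)` splices the caller-supplied username into the bind DN without RFC 4514 escaping, so a name containing `,`, `+`, `=` or `\` changes the structure of the DN that is bound rather than being treated as a CN value; the username should be escaped before substitution. In the same block, `cred` is never checked for emptiness, and an LDAP simple bind with an empty password is an unauthenticated bind that many directories accept (hedged: this depends on server configuration), which would set `isLdapUser = true` for any known CN; a template with zero or two `%s` also throws an unchecked MissingFormatArgumentException that neither catch handles. The finally block that starts at the end of this hunk continues outside it; if the bind fails on the first call, `ctx` is still null when `ctx.close()` runs, which is pre-existing but worth fixing while here.
```java
// … unchanged: env setup for INITIAL_CONTEXT_FACTORY, SECURITY_AUTHENTICATION, PROVIDER_URL …
if (cred == null || cred.length() == 0) {
    // an empty password is an unauthenticated bind on many directories, not a failed login
    throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
}
String template = AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR);
if (template == null || template.indexOf("%s") < 0 || template.indexOf("%s") != template.lastIndexOf("%s")) {
    throw new ConfigurationException(Property.JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR + " must contain exactly one %s");
}
String format = String.format(template, escapeDnValue(authorizedName));
env.put(Context.SECURITY_PRINCIPAL, format);
env.put(Context.SECURITY_CREDENTIALS, cred);
// … unchanged: bind, catch blocks, finally …

/** Minimal RFC 4514 escaping for a single attribute value placed inside a DN. */
private static String escapeDnValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        if (",+\"\\<>;=".indexOf(c) >= 0) {
            sb.append('\\');
        }
        sb.append(c);
    }
    return sb.toString();
}
```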
Modified: juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java?rev=1488044&r1=1488043&r2=1488044&view=diff
==============================================================================
--- juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java (original)
+++ juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java Thu May 30 23:05:16 2013
@@ -24,7 +24,6 @@ import javax.naming.ldap.LdapContext;
import javax.persistence.EntityManager;
import javax.persistence.EntityTransaction;
-import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -42,14 +41,14 @@ import org.apache.commons.configuration.
/**
* This is a implementation of jUDDI's Authenticator interface, that uses the
- * LDAP.
+ * LDAP. z
*
* Usage:
*
* To use this class you must add the following properties to the
* juddiv3.properties file:
*
- * # The JBoss Authenticator
+ * # The LDAP Authenticator
* juddi.authenticator=org.apache.juddi.v3.auth.LdapSimpleAuthenticator
*
* # LDAP authentication URL
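Review bot: The edited Javadoc summary now reads `LDAP. z` — the stray `z` looks like an accidental keystroke and should be removed so the first sentence is `This is an implementation of jUDDI's Authenticator interface that uses LDAP.` Nothing else in this hunk changes behaviour.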
@@ -64,17 +63,23 @@ import org.apache.commons.configuration.
*
* @author <a href="mailto:tcunning@apache.org">Tom Cunningham</a>
* @author <a href="mailto:gunnlaugursig@gmail.com">Gunnlaugur Sigurðsson</a>
+ * @author Alex O'Ree
+ *
+ *
+ * @since 3.2, all values are now configurable
+ * @see Property.JUDDI_AUTHENTICATOR_INITIAL_CONTEXT, JUDDI_AUTHENTICATOR_STYLE
*/
public class LdapSimpleAuthenticator implements Authenticator {
private Log logger = LogFactory.getLog(this.getClass());
private LdapContext ctx = null;
+ //this needs to be a Hashtable, HashMap won't work here
private Hashtable<String, String> env = null;
private String url = null;
private static final String DEFAULT_URL = "ldap://localhost:389";
- public LdapSimpleAuthenticator() throws NamingException {
+ public LdapSimpleAuthenticator() throws NamingException, ConfigurationException {
String authURL = null;
try {
authURL = AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_URL, DEFAULT_URL);
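Review bot: The added `@see Property.JUDDI_AUTHENTICATOR_INITIAL_CONTEXT, JUDDI_AUTHENTICATOR_STYLE` is not valid Javadoc: `@see` takes a single reference and field references use `#`, so javadoc will emit a warning and the link will not resolve. Use two tags, `@see Property#JUDDI_AUTHENTICATOR_INITIAL_CONTEXT` and `@see Property#JUDDI_AUTHENTICATOR_STYLE`. The `@since 3.2, all values are now configurable` line would read better as `@since 3.2 (initial context factory and authentication style became configurable)`. The constructor at the end of this hunk continues outside it.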
@@ -85,14 +90,14 @@ public class LdapSimpleAuthenticator imp
init(authURL);
}
- public LdapSimpleAuthenticator(String url) throws NamingException {
+ public LdapSimpleAuthenticator(String url) throws NamingException, ConfigurationException {
init(url);
}
- public void init(String url) throws NamingException {
+ public void init(String url) throws NamingException, ConfigurationException {
env = new Hashtable<String, String>();
- env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
- env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.INITIAL_CONTEXT_FACTORY, AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_INITIAL_CONTEXT, "com.sun.jndi.ldap.LdapCtxFactory"));
+ env.put(Context.SECURITY_AUTHENTICATION, AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_STYLE, "simple"));
env.put(Context.PROVIDER_URL, url); // organization ldap url, example ldap://localhost:389
this.url = url;
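Review bot: `juddi.authenticator.style` is copied verbatim into Context.SECURITY_AUTHENTICATION, and the test properties added in this commit list `none` as an accepted value; with `none` the bind is anonymous and a later successful InitialLdapContext proves nothing about the user, so init should refuse it, e.g. `String style = AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_STYLE, "simple"); if ("none".equalsIgnoreCase(style)) throw new ConfigurationException(Property.JUDDI_AUTHENTICATOR_STYLE + " 'none' would authenticate every user");` before `env.put(Context.SECURITY_AUTHENTICATION, style);`. The rest of init lies outside this hunk.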
@@ -114,19 +119,23 @@ public class LdapSimpleAuthenticator imp
boolean isLdapUser = false;
try {
env = new Hashtable<String, String>();
- env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
- env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.INITIAL_CONTEXT_FACTORY, AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_INITIAL_CONTEXT, "com.sun.jndi.ldap.LdapCtxFactory"));
+ env.put(Context.SECURITY_AUTHENTICATION, AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_STYLE, "simple"));
env.put(Context.PROVIDER_URL, url); // organization ldap url, example ldap://localhost:389
env.put(Context.SECURITY_PRINCIPAL, authorizedName);
- env.put(Context.SECURITY_CREDENTIALS, cred);
+ env.put(Context.SECURITY_CREDENTIALS, cred);
ctx = new InitialLdapContext(env, null);
isLdapUser = true;
logger.info(authorizedName + " is authenticated");
- } catch (NamingException e) {
+ } catch (ConfigurationException e) {
+ logger.error(authorizedName + " is not authenticated", e);
+ throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
+ }
+ catch (NamingException e) {
logger.error(authorizedName + " is not authenticated");
throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
- } finally {
+ }finally {
try {
ctx.close();
} catch (NamingException e) {
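Review bot: The bind still runs with whatever `cred` the caller supplied, and an LDAP simple bind with an empty password is an unauthenticated bind that many directories accept (hedged: server-dependent), which would mark any valid principal as authenticated; add `if (cred == null || cred.length() == 0) throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));` before the env is populated. The new ConfigurationException catch logs the exception but the NamingException catch below it still drops `e`, so a misconfigured factory class or unreachable server is indistinguishable from a bad password in the log; pass `e` there too. The finally block starting at the end of this hunk continues outside it; `ctx` is null when the bind fails on first use, so `ctx.close()` would NPE and mask the UnknownUserException.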
Modified: juddi/trunk/juddi-core/src/test/resources/juddiv3.properties
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/test/resources/juddiv3.properties?rev=1488044&r1=1488043&r2=1488044&view=diff
==============================================================================
--- juddi/trunk/juddi-core/src/test/resources/juddiv3.properties (original)
+++ juddi/trunk/juddi-core/src/test/resources/juddiv3.properties Thu May 30 23:05:16 2013
@@ -57,7 +57,31 @@ juddi.subscription.expiration.days=30
juddi.subscription.chunkexpiration.minutes=5
#
# jUDDI Authentication module to use
+#option, the default one
juddi.authenticator = org.apache.juddi.v3.auth.JUDDIAuthenticator
+
+############################################################
+#option for AuthN, basic Ldap Authenticator
+#juddi.authenticator=org.apache.juddi.v3.auth.LdapSimpleAuthenticator
+#juddi.authenticator.initialcontext=com.sun.jndi.ldap.LdapCtxFactory
+#juddi.authenticator.url=ldap://localhost:389
+#or use this for SSL
+#juddi.authenticator.url=ldaps://localhost:636
+#juddi.authenticator.style=one of "none", "simple", sasl_mech (see below)
+ #sasl_mech is a comma separated list of items. the complete list is here: http://docs.oracle.com/javase/jndi/tutorial/ldap/security/sasl.html
+ #more info is http://docs.oracle.com/javase/jndi/tutorial/ldap/security/auth.html
+
+###########################################################
+#option for AuthN, expanded Ldap Authenticator
+#juddi.authenticator=org.apache.juddi.v3.auth.LdapExpandedAuthenticator
+#juddi.authenticator.ldapexp=CN=%s, OU=Users,DC=Domain, etc
+## Note, %s will be replaced with the requestors user name
+#juddi.authenticator=org.apache.juddi.v3.auth.LdapSimpleAuthenticator
+#juddi.authenticator.initialcontext=com.sun.jndi.ldap.LdapCtxFactory
+#juddi.authenticator.url=ldap://localhost:389
+#juddi.authenticator.style=one of "none", "simple", sasl_mech (see above)
+
+
#
# jUDDI Cryptor implementation to use
juddi.cryptor = org.apache.juddi.cryptor.DefaultCryptor
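Review bot: Under the expanded-authenticator option a second `#juddi.authenticator=org.apache.juddi.v3.auth.LdapSimpleAuthenticator` line follows the LdapExpandedAuthenticator line; an operator uncommenting the block as a unit ends up with the simple authenticator and the `ldapexp` template silently ignored, so the duplicate line should be deleted. The two `juddi.authenticator.style` lines present `none` as a choice without caveat; I would change them to `#juddi.authenticator.style=simple   # or a SASL mechanism; "none" means anonymous bind and must not be used for authentication`. The `ldapexp` example should also use a single format, e.g. `CN=%s,OU=Users,DC=example,DC=com`, since the trailing `, etc` is not a valid DN component.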
@@ -91,7 +115,7 @@ juddi.validation.enforceReferentialInteg
#As of 3.1.5 Email delivery options for subscription API functions
#uddi.mail.smtp.from
-##The Operatorâs Email address
+##The Operator\u00e2\u0080\u0099s Email address
#juddi.mail.smtp.host
##The hostname of the SMTP server
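Review bot: The replacement `\u00e2\u0080\u0099` encodes the three mojibake characters that resulted from reading UTF-8 bytes as Latin-1, not the apostrophe; loading the file reproduces the same garbled text as before. The intended character is U+2019, so write `##The Operator\u2019s Email address` or simply `##The Operator's Email address`. The STARTTLS comment in the next hunk has the same substitution and needs the same fix.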
@@ -106,7 +130,7 @@ juddi.validation.enforceReferentialInteg
##If set to true, failure to create a socket using the specified socket factory class will cause the socket to be created using the java.net.Socket class. Defaults to true.
#juddi.mail.smtp.starttls.enable
-##if true, enables the use of the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. Note that an appropriate trust store must configured so that the client will trust the serverâs certificate. Defaults to false.
+##if true, enables the use of the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. Note that an appropriate trust store must configured so that the client will trust the server\u00e2\u0080\u0099s certificate. Defaults to false.
#juddi.mail.smtp.socketFactory.port
##Specifies the port to connect to when using the specified socket factory. If not set, the default port will be used.