Posted to dev@directory.apache.org by Brett Heroux <br...@gmail.com> on 2009/02/24 10:41:36 UTC

Groovy LDAP - authentication help needed?

Hi - I am interested in contributing an authentication module to the Groovy
LDAP subproject. I know ApacheDS does not export keytabs, but this may be
useful anyway. This is the code:

import javax.security.auth.login.Configuration
import javax.security.auth.login.AppConfigurationEntry

/**
 * Created by IntelliJ IDEA.
 * User: brett
 * Date: Feb 2, 2009
 * Time: 6:03:56 AM
 * To change this template use File | Settings | File Templates.
 */

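/**
 * JAAS {@link Configuration} that hands back one fixed Krb5LoginModule entry,
 * configured for keytab-based login of a single principal.
 *
 * The entry is built once in the constructor; the application name passed to
 * {@link #getAppConfigurationEntry(String)} is ignored.
 *
 * Operational notes for whoever deploys this:
 *  - A keytab holds the principal's long-term keys. Anyone who can read the
 *    file can authenticate as that principal, so it should be readable only
 *    by the account running this code.
 *  - The constructor checks only that the keytab path exists, not that it is
 *    a valid keytab or that it contains a key for the principal; those
 *    failures surface later, at login time.
 */
public class GssapiConfiguration extends Configuration {

  /** Fully qualified class name of the JDK Kerberos login module. */
  public static final KERBEROS = "com.sun.security.auth.module.Krb5LoginModule"

  // The single entry returned for every application name.
  def appConfigurationEntry

  /**
   * @param principal Kerberos principal to log in as; must be non-empty
   * @param keytab    path to the keytab file; must be non-empty and exist
   * @param debug     value for the login module's "debug" option. It defaults
   *                  to "true" (kept for compatibility), which makes
   *                  Krb5LoginModule print diagnostics such as the principal
   *                  and keytab path; pass "false" outside of troubleshooting.
   * @throws IllegalArgumentException if principal or keytab is missing, or the
   *                                  keytab path does not exist
   */
  GssapiConfiguration(String principal, String keytab, String debug = "true") {
    if (!principal) {
      throw new IllegalArgumentException("principal is required")
    }
    // A null path would otherwise fail inside new File(...) with a bare
    // NullPointerException instead of a message naming the argument.
    if (!keytab) {
      throw new IllegalArgumentException("keytab is required")
    }
    if (!new File(keytab).exists()) {
      throw new IllegalArgumentException("keytab must exist")
    }

    // Options understood by Krb5LoginModule; useKeyTab makes it take the key
    // from the keytab file.
    // NOTE(review): "doNotPrompt" is not set, so if the keytab has no usable
    // key the module may fall back to asking a CallbackHandler - confirm
    // whether that fallback is wanted for unattended use.
    Map<String, String> options = [
        principal: principal,
        keyTab   : keytab,
        debug    : debug,
        useKeyTab: "true"
    ]

    appConfigurationEntry = new AppConfigurationEntry(
        KERBEROS,
        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
        options)
  }

  /**
   * Returns the one configured entry regardless of the requested name.
   *
   * @param name application name (ignored)
   * @return a one-element array holding the Krb5LoginModule entry
   */
  public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
    [appConfigurationEntry] as AppConfigurationEntry[]
  }

}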

########################################################

/**
 * Created by IntelliJ IDEA.
 * User: brett
 * Date: Jan 28, 2009
 * Time: 6:18:58 AM
 * To change this template use File | Settings | File Templates.
 */

import javax.naming.directory.DirContext
import javax.naming.NamingException

import javax.security.auth.Subject
import javax.naming.directory.InitialDirContext
import java.security.PrivilegedAction
import javax.security.auth.login.LoginContext
import javax.security.auth.login.Configuration

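/**
 * Performs a keytab-based Kerberos login and then opens a JNDI directory
 * context while running as the logged-in {@link Subject}.
 *
 * What callers must supply in the environment passed to
 * {@link #getDirContextInstance(Hashtable)}:
 *  - This class does not set any JNDI properties itself. The Kerberos
 *    credentials are used for the LDAP bind only if the environment selects
 *    SASL/GSSAPI ("java.naming.security.authentication" = "GSSAPI");
 *    otherwise the login succeeds but the bind does not use it.
 *  - GSSAPI authenticates the bind; whether later traffic is integrity- or
 *    confidentiality-protected depends on "javax.security.sasl.qop" or on
 *    using LDAPS, both of which are also left to the caller.
 *
 * The environment is kept in an instance field between the two calls, so one
 * instance should not be shared by threads calling getDirContextInstance()
 * concurrently.
 */
public class LdapAction implements PrivilegedAction<InitialDirContext> {

  // JAAS configuration used for the Kerberos login.
  Configuration configuration

  // JNDI environment handed from getDirContextInstance() to run(). The
  // original assigned to this name without declaring it, which fails at
  // runtime in a Groovy class (no such property).
  Hashtable environment

  /**
   * @param url       NOTE(review): accepted but not used anywhere in this
   *                  class - presumably the LDAP URL; confirm intent
   * @param krb5      NOTE(review): accepted but not used anywhere in this
   *                  class - presumably a krb5 configuration path; confirm
   * @param principal Kerberos principal, passed to GssapiConfiguration
   * @param keytab    keytab path, passed to GssapiConfiguration
   */
  LdapAction(String url, String krb5, String principal, String keytab) {
    configuration = new GssapiConfiguration(principal, keytab)
  }

  /**
   * Logs in through JAAS and creates the directory context as that subject.
   *
   * A login failure propagates from LoginContext.login() as a
   * LoginException; it is not wrapped in NamingException.
   *
   * @param env JNDI environment used to create the InitialDirContext
   * @return the context created by {@link #run()}
   */
  DirContext getDirContextInstance(Hashtable env) throws NamingException {
    // The explicit Configuration ignores the entry name, hence "unused".
    // No Subject or CallbackHandler is supplied, so the login has to succeed
    // from the keytab alone.
    def loginContext = new LoginContext("unused", null, null, configuration)
    loginContext.login()

    environment = env

    // run() executes with the authenticated subject attached, so a GSSAPI
    // bind can find its Kerberos credentials.
    Subject.doAs(loginContext.subject, this)
  }

  /** Called by Subject.doAs(); opens the context with the stored environment. */
  InitialDirContext run() {
    new InitialDirContext(environment)
  }

}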

Brett Heroux - President

The Devicesoft Organization, L.L.C.

http://devicesoft.org