Posted to dev@directory.apache.org by Brett Heroux <br...@gmail.com> on 2009/02/24 10:41:36 UTC
Groovy LDAP - authentication help needed?
Hi - I am interested in contributing an authentication module to the Groovy
LDAP subproject. I know ApacheDS does not export keytabs, but this may be
useful anyway. This is the code:
import javax.security.auth.login.Configuration
import javax.security.auth.login.AppConfigurationEntry
/**
* Created by IntelliJ IDEA.
* User: brett
* Date: Feb 2, 2009
* Time: 6:03:56 AM
* To change this template use File | Settings | File Templates.
*/
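/**
 * Programmatic JAAS {@link Configuration} that yields a single Kerberos
 * login-module entry authenticating a principal from a keytab file.
 *
 * The keytab holds the principal's long-term keys, so anyone who can read the
 * file can authenticate as that principal. Keep it readable only by the account
 * that runs this code.
 */
public class GssapiConfiguration extends Configuration {
    /** Class name of the login module placed in the configuration entry. */
    public static final String KERBEROS = "com.sun.security.auth.module.Krb5LoginModule"

    /** The single entry handed back by {@link #getAppConfigurationEntry(String)}. */
    def appConfigurationEntry

    /**
     * Builds the login-module entry for the given principal and keytab.
     *
     * @param principal Kerberos principal to authenticate as; must be non-empty
     * @param keytab    path to the keytab file; must name a readable regular file
     * @param debug     value passed as the module's "debug" option. The default
     *                  stays "true" for compatibility; that makes the login module
     *                  print diagnostics (presumably including the principal and
     *                  keytab path -- confirm), so pass "false" outside of
     *                  troubleshooting.
     * @throws IllegalArgumentException if principal or keytab is missing, or the
     *         keytab is not a readable regular file
     */
    GssapiConfiguration(String principal, String keytab, String debug = "true") {
        if (!principal) {
            throw new IllegalArgumentException("principal is required")
        }
        // A null path would otherwise surface as a bare NullPointerException
        // from the File constructor.
        if (!keytab) {
            throw new IllegalArgumentException("keytab is required")
        }
        // exists() alone also accepts a directory; require a readable regular
        // file so a bad path is reported here rather than at login time.
        def keytabFile = new File(keytab)
        if (!keytabFile.isFile() || !keytabFile.canRead()) {
            throw new IllegalArgumentException("keytab must be an existing, readable file")
        }
        Map<String, String> options = [
            principal: principal,
            keyTab   : keytab,
            debug    : debug,
            useKeyTab: "true"
        ]
        appConfigurationEntry = new AppConfigurationEntry(
            KERBEROS,
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            options)
    }

    /**
     * Returns the one configured entry regardless of the requested name.
     *
     * @param name application name; ignored
     * @return a one-element array holding the Kerberos entry
     */
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        [appConfigurationEntry] as AppConfigurationEntry[]
    }
}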
########################################################
/**
* Created by IntelliJ IDEA.
* User: brett
* Date: Jan 28, 2009
* Time: 6:18:58 AM
* To change this template use File | Settings | File Templates.
*/
import javax.naming.directory.DirContext
import javax.naming.NamingException
import javax.security.auth.Subject
import javax.naming.directory.InitialDirContext
import java.security.PrivilegedAction
import javax.security.auth.login.LoginContext
import javax.security.auth.login.Configuration
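/**
 * Logs in through JAAS with a keytab-backed Kerberos configuration and opens a
 * JNDI directory context while running as the authenticated {@link Subject}.
 *
 * NOTE(review): the login Subject is never logged out here, so its credentials
 * presumably stay alive as long as the Subject is referenced -- confirm whether
 * callers need a logout hook.
 */
public class LdapAction implements PrivilegedAction<InitialDirContext> {
    /** JAAS configuration handed to the LoginContext. */
    Configuration configuration

    // JNDI environment handed from getDirContextInstance() to run(). The field
    // was never declared before, so the assignment in getDirContextInstance()
    // failed at runtime with a missing-property error. It is shared per-instance
    // state: concurrent calls on one LdapAction would overwrite each other.
    private Hashtable environment

    /**
     * @param url       not used by this class (NOTE(review): presumably meant for
     *                  the JNDI provider URL -- callers must put it in the
     *                  environment themselves)
     * @param krb5      not used by this class (NOTE(review): presumably the
     *                  krb5.conf location -- confirm how it should be applied)
     * @param principal Kerberos principal to authenticate as
     * @param keytab    path to the keytab file for that principal
     */
    LdapAction(String url, String krb5, String principal, String keytab) {
        // Uses GssapiConfiguration's default debug setting ("true"), which turns
        // on login-module diagnostics; pass "false" explicitly if that output
        // should not reach the console or logs.
        configuration = new GssapiConfiguration(principal, keytab)
    }

    /**
     * Performs the JAAS login and creates the directory context as the
     * resulting Subject.
     *
     * login() can also fail with javax.security.auth.login.LoginException,
     * which is not listed in the throws clause.
     *
     * @param env JNDI environment for the context. NOTE(review): presumably the
     *            caller sets the SASL mechanism to GSSAPI here; otherwise the
     *            Subject's Kerberos credentials may go unused -- verify.
     * @return the directory context created inside Subject.doAs()
     */
    DirContext getDirContextInstance(Hashtable env) throws NamingException {
        // The name "unused" is irrelevant: the supplied configuration returns
        // the same entry for every application name.
        def loginContext = new LoginContext("unused", null, null, configuration)
        loginContext.login()
        environment = env
        Subject.doAs(loginContext.subject, this)
    }

    /** Called by Subject.doAs(); opens the context with the stored environment. */
    InitialDirContext run() {
        new InitialDirContext(environment)
    }
}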
Brett Heroux - President
The Devicesoft Organization, L.L.C.
http://devicesoft.org