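SearchResult result = (SearchResult)results.nextElement(); Attributes attributes = result.getAttributes(); if (attributes == null) { continue; } Attribute roleAttribute = attributes.get(_roleNameAttribute); if (roleAttribute == null) { continue; } NamingEnumeration roles = roleAttribute.getAll(); while (roles.hasMore()) { roleList.add(roles.next()); } } return roleList; }

/**
 * Since LDAP uses a context bind for valid authentication checking, we override login().
 * <p/>
 * If credentials are not available from the user's context, or if we are forcing the binding
 * check, we try a binding authentication check; otherwise, if we have the user's encoded
 * password, we try authentication via that mechanism.
 *
 * @return true if the caller was authenticated, false if the name or credential was missing
 *         or the user could not be found
 * @throws LoginException if there is no callback handler, the callbacks cannot be handled,
 *         or the user lookup / bind fails; the underlying exception is kept as the cause
 */
public boolean login() throws LoginException {
    try {
        if (getCallbackHandler() == null) {
            throw new LoginException("No callback handler");
        }

        Callback[] callbacks = configureCallbacks();
        getCallbackHandler().handle(callbacks);

        String webUserName = ((NameCallback) callbacks[0]).getName();
        Object webCredential = ((ObjectCallback) callbacks[1]).getObject();

        // A missing name or credential, or an empty name, cannot authenticate anyone;
        // fail without touching the directory.
        if (webUserName == null || webUserName.length() == 0 || webCredential == null) {
            setAuthenticated(false);
            return isAuthenticated();
        }

        if (_forceBindingLogin) {
            return bindingLogin(webUserName, webCredential);
        }

        // Reads the user entry (including its stored credential) from the directory.
        UserInfo userInfo = getUserInfo(webUserName);
        if (userInfo == null) {
            setAuthenticated(false);
            return false;
        }

        setCurrentUser(new JAASUserInfo(userInfo));

        // A plain String credential is wrapped so that encoded (MD5:/CRYPT:) stored
        // passwords can be compared with it.
        if (webCredential instanceof String) {
            return credentialLogin(Credential.getCredential((String) webCredential));
        }
        return credentialLogin(webCredential);
    } catch (UnsupportedCallbackException e) {
        throw newLoginException("Error obtaining callback information.", e);
    } catch (IOException e) {
        if (_debug) {
            e.printStackTrace();
        }
        throw newLoginException("IO Error performing login.", e);
    } catch (LoginException e) {
        // Keep the specific message ("No callback handler", "User not found.") instead of
        // rewrapping it under the generic one below.
        throw e;
    } catch (Exception e) {
        if (_debug) {
            e.printStackTrace();
        }
        throw newLoginException("Error obtaining user info.", e);
    }
}

/**
 * Builds a LoginException with the given message that keeps the underlying exception as its
 * cause (LoginException has no (message, cause) constructor).
 *
 * @param message the message for the new exception
 * @param cause the exception being wrapped
 * @return the new LoginException, ready to be thrown
 */
private static LoginException newLoginException(String message, Throwable cause) {
    LoginException le = new LoginException(message);
    le.initCause(cause);
    return le;
}

/**
 * Password-supplied authentication check: compares the supplied credential with the one stored
 * on the current user.
 *
 * @param webCredential the credential supplied by the caller
 * @return true if the credential matched the current user's stored credential
 * @throws LoginException declared for overriding implementations; this one does not throw it
 */
protected boolean credentialLogin(Object webCredential) throws LoginException {
    boolean matched = getCurrentUser().checkCredential(webCredential);
    setAuthenticated(matched);
    return isAuthenticated();
}

/**
 * Binding authentication check.
 * This method of authentication works only if the user branch of the DIT (LDAP tree)
 * has an ACI (access control instruction) that allows the access to any user, or at least
 * to the user that logs in.
 * <p/>
 * An empty password is rejected before any bind is attempted: RFC 4513 section 6.3.1 lets a
 * server treat a bind with a DN and an empty password as an unauthenticated bind, which would
 * succeed without proving anything about the caller.
 *
 * @param username the login name to look up under the user base DN
 * @param password the credential to bind with (String, char[] or byte[])
 * @return true once the bind succeeded, false if the password or the resolved DN is empty
 * @throws LoginException if no user entry matches the name
 * @throws NamingException if the search, the bind or the role lookup fails
 */
protected boolean bindingLogin(String username, Object password) throws LoginException, NamingException {
    SearchResult searchResult = findUser(username);
    String userDn = searchResult.getNameInNamespace();

    if (userDn == null || userDn.length() == 0 || isEmptyCredential(password)) {
        Log.info("Refusing to bind with an empty DN or empty password for user: " + username);
        setAuthenticated(false);
        return false;
    }

    Log.info("Attempting authentication: " + userDn);

    Hashtable environment = getEnvironment();
    environment.put(Context.SECURITY_PRINCIPAL, userDn);
    environment.put(Context.SECURITY_CREDENTIALS, password);

    // Creating the context performs the bind; a wrong password surfaces as a NamingException here.
    DirContext dirContext = new InitialDirContext(environment);
    List roles;
    try {
        roles = getUserRolesByDn(dirContext, userDn);
    } finally {
        // The per-user context is only needed for the role lookup; do not leak the connection.
        dirContext.close();
    }

    UserInfo userInfo = new UserInfo(username, null, roles);
    setCurrentUser(new JAASUserInfo(userInfo));
    setAuthenticated(true);
    return true;
}

/**
 * Tells whether a credential object is absent or zero-length.
 *
 * @param credential a String, char[] or byte[] credential, or null
 * @return true for null and for an empty String, char[] or byte[]; false for anything else
 */
private static boolean isEmptyCredential(Object credential) {
    if (credential == null) {
        return true;
    }
    if (credential instanceof String) {
        return ((String) credential).length() == 0;
    }
    if (credential instanceof char[]) {
        return ((char[]) credential).length == 0;
    }
    if (credential instanceof byte[]) {
        return ((byte[]) credential).length == 0;
    }
    return false;
}

/**
 * Looks up the single user entry under the user base DN whose id attribute equals the given name.
 * The name is passed as a JNDI filter argument ({2}) rather than concatenated into the filter,
 * so the provider encodes it and it cannot change the filter's structure.
 *
 * @param username the login name to search for
 * @return the first matching entry
 * @throws NamingException if the search fails
 * @throws LoginException if no entry matches
 */
private SearchResult findUser(String username) throws NamingException, LoginException {
    SearchControls ctls = new SearchControls();
    ctls.setCountLimit(1);
    ctls.setDerefLinkFlag(true);
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);

    String filter = "(&(objectClass={0})({1}={2}))";
    Log.info("Searching for users with filter: \'" + filter + "\'" + " from base dn: " + _userBaseDn);

    Object[] filterArguments = new Object[] { _userObjectClass, _userIdAttribute, username };
    NamingEnumeration results = _rootContext.search(_userBaseDn, filter, filterArguments, ctls);

    boolean found = results.hasMoreElements();
    Log.info("Found user?: " + found);
    if (!found) {
        throw new LoginException("User not found.");
    }
    return (SearchResult) results.nextElement();
}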
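/**
 * Reads the module options and opens the root (bind) context used for user and role lookups.
 * <p/>
 * Required options: hostname, contextFactory. Optional: port (omitted from the provider URL
 * when absent or 0), bindDn, bindPassword, authenticationMethod, userBaseDn, roleBaseDn,
 * forceBindingLogin, debug, and the attribute/object-class names which keep their field
 * defaults when not given.
 *
 * @param subject the subject being authenticated
 * @param callbackHandler the handler used by login() to obtain name and credential
 * @param sharedState state shared with other login modules
 * @param options the module options from the JAAS configuration (String values)
 * @throws IllegalStateException if the root context cannot be created
 * @throws NumberFormatException if a non-numeric port is configured
 */
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
    super.initialize(subject, callbackHandler, sharedState, options);

    _hostname = (String) options.get("hostname");
    // port is optional: getEnvironment() leaves it out of the provider URL when it is 0.
    String port = getOption(options, "port", null);
    _port = (port == null || port.trim().length() == 0) ? 0 : Integer.parseInt(port.trim());
    _contextFactory = (String) options.get("contextFactory");
    _bindDn = (String) options.get("bindDn");
    _bindPassword = (String) options.get("bindPassword");
    _authenticationMethod = (String) options.get("authenticationMethod");
    _userBaseDn = (String) options.get("userBaseDn");
    _roleBaseDn = (String) options.get("roleBaseDn");

    if (options.containsKey("forceBindingLogin")) {
        _forceBindingLogin = Boolean.parseBoolean((String) options.get("forceBindingLogin"));
    }

    _userObjectClass = getOption(options, "userObjectClass", _userObjectClass);
    _userRdnAttribute = getOption(options, "userRdnAttribute", _userRdnAttribute);
    _userIdAttribute = getOption(options, "userIdAttribute", _userIdAttribute);
    _userPasswordAttribute = getOption(options, "userPasswordAttribute", _userPasswordAttribute);
    _roleObjectClass = getOption(options, "roleObjectClass", _roleObjectClass);
    _roleMemberAttribute = getOption(options, "roleMemberAttribute", _roleMemberAttribute);
    _roleNameAttribute = getOption(options, "roleNameAttribute", _roleNameAttribute);
    _debug = Boolean.parseBoolean(getOption(options, "debug", Boolean.toString(_debug)));

    try {
        _rootContext = new InitialDirContext(getEnvironment());
    } catch (NamingException ex) {
        throw new IllegalStateException("Unable to establish root context", ex);
    }
}

/**
 * Closes the root context and commits the authentication.
 *
 * @return the result of the superclass commit
 * @throws LoginException if the root context cannot be closed (cause retained) or the
 *         superclass commit fails
 */
public boolean commit() throws LoginException {
    closeRootContext();
    return super.commit();
}

/**
 * Closes the root context and aborts the authentication.
 *
 * @return the result of the superclass abort
 * @throws LoginException if the root context cannot be closed (cause retained) or the
 *         superclass abort fails
 */
public boolean abort() throws LoginException {
    closeRootContext();
    return super.abort();
}

/**
 * Closes the root (bind) context opened in initialize(), if there is one.
 *
 * @throws LoginException wrapping the NamingException raised by close()
 */
private void closeRootContext() throws LoginException {
    if (_rootContext == null) {
        // initialize() never completed; nothing to release.
        return;
    }
    try {
        _rootContext.close();
    } catch (NamingException e) {
        LoginException le = new LoginException("error closing root context: " + e.getMessage());
        le.initCause(e);
        throw le;
    }
}

/**
 * Reads a String option, falling back to a default when it is absent.
 *
 * @param options the module options
 * @param key the option name
 * @param defaultValue the value to return when the option is not present (may be null)
 * @return the option value cast to String, or defaultValue
 */
private String getOption(Map options, String key, String defaultValue) {
    Object value = options.get(key);
    return value == null ? defaultValue : (String) value;
}

/**
 * Builds the JNDI environment for a connection to the directory, using the configured
 * bind DN and password when present.
 * <p/>
 * The provider URL is always built with the plain "ldap://" scheme, so the bind password
 * crosses the network unprotected unless the provider itself is configured for TLS.
 *
 * @return a new environment (a Properties instance) holding the context factory, provider URL,
 *         authentication method and bind credentials that are configured
 * @throws IllegalStateException if no contextFactory was configured (the table rejects null values)
 */
public Hashtable getEnvironment() {
    if (_contextFactory == null) {
        throw new IllegalStateException("contextFactory option is required");
    }

    Properties env = new Properties();
    env.put(Context.INITIAL_CONTEXT_FACTORY, _contextFactory);

    if (_hostname != null) {
        StringBuffer url = new StringBuffer("ldap://").append(_hostname);
        if (_port != 0) {
            url.append(':').append(_port);
        }
        url.append('/');
        env.put(Context.PROVIDER_URL, url.toString());
    }

    if (_authenticationMethod != null) {
        env.put(Context.SECURITY_AUTHENTICATION, _authenticationMethod);
    }
    if (_bindDn != null) {
        env.put(Context.SECURITY_PRINCIPAL, _bindDn);
    }
    if (_bindPassword != null) {
        env.put(Context.SECURITY_CREDENTIALS, _bindPassword);
    }
    return env;
}

/**
 * Rewrites a Jetty-encoded credential prefix ("MD5:" / "CRYPT:", case-insensitive) into the
 * LDAP userPassword prefix ("{MD5}" / "{CRYPT}"). The text after the prefix is copied as-is;
 * values without a known prefix, and null, are returned unchanged.
 * NOTE(review): only the prefix is rewritten; whether the digest text after it is encoded the
 * same way on both sides (e.g. hex vs. base64) is not handled here — confirm against the
 * directory's stored form.
 *
 * @param encryptedPassword the Jetty credential string, or null
 * @return the LDAP form, or the input unchanged
 */
public static String convertCredentialJettyToLdap(String encryptedPassword) {
    if (encryptedPassword == null) {
        return null;
    }
    // The prefix test must be on the input, not the other way round: "MD5:".startsWith(input)
    // would only ever match an input shorter than the prefix.
    String upper = encryptedPassword.toUpperCase();
    if (upper.startsWith("MD5:")) {
        return "{MD5}" + encryptedPassword.substring("MD5:".length());
    }
    if (upper.startsWith("CRYPT:")) {
        return "{CRYPT}" + encryptedPassword.substring("CRYPT:".length());
    }
    return encryptedPassword;
}

/**
 * Rewrites an LDAP userPassword prefix ("{MD5}" / "{CRYPT}", case-insensitive) into the
 * Jetty credential prefix ("MD5:" / "CRYPT:"). The text after the prefix is copied as-is;
 * values without a known prefix, and null, are returned unchanged.
 *
 * @param encryptedPassword the LDAP userPassword value, or null
 * @return the Jetty form, or the input unchanged
 */
public static String convertCredentialLdapToJetty(String encryptedPassword) {
    if (encryptedPassword == null) {
        return null;
    }
    String upper = encryptedPassword.toUpperCase();
    if (upper.startsWith("{MD5}")) {
        return "MD5:" + encryptedPassword.substring("{MD5}".length());
    }
    if (upper.startsWith("{CRYPT}")) {
        return "CRYPT:" + encryptedPassword.substring("{CRYPT}".length());
    }
    return encryptedPassword;
}
}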