Improvements to LDAP provider compatibility with Samba, based on a contribution by Robert Sanders.

Ben Alex 2005-02-17 20:39:04 +00:00
parent 0b296e7cf0
commit 40bf65bdf8
2 changed files with 94 additions and 17 deletions


@ -136,6 +136,9 @@
<contributor> <contributor>
<name>Sergio Berna</name> <name>Sergio Berna</name>
</contributor> </contributor>
<contributor>
<name>Robert Sanders</name>
</contributor>
</contributors> </contributors>
<dependencies> <dependencies>
<dependency> <dependency>


@ -1,4 +1,4 @@
/* Copyright 2004 Acegi Technology Pty Limited /* Copyright 2004, 2005 Acegi Technology Pty Limited
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -51,8 +51,22 @@ import javax.naming.directory.SearchResult;
* This is an example <code>PasswordAuthenticationDao</code> implementation * This is an example <code>PasswordAuthenticationDao</code> implementation
* using LDAP service for user authentication. * using LDAP service for user authentication.
* *
* <p>Example use: <br/>
* &lt;bean id="ldapDaoImpl" class="net.sf.acegisecurity.providers.dao.ldap.LdapPasswordAuthenticationDao"&gt; <br/>
* &lt;property name="host"&gt;&lt;value&gt;sydney.ipov.info&lt;/value&gt;&lt;/property&gt; <br/>
* &lt;property name="rootContext"&gt;&lt;value&gt;dc=ipov,dc=info&lt;/value&gt;&lt;/property&gt; <br/>
* &lt;property name="userContext"&gt;&lt;alue&gt;ou=Users&lt;/value&gt;&lt;/property&gt; <br/>
* &lt;property name="userAttribute"&gt;&lt;value&gt;uid&lt;/value&gt;&lt;/property&gt; <br/>
* &lt;/bean&gt; <br/>
* ...<br/>
* &lt;bean id="authenticationProvider" class="net.sf.acegisecurity.providers.dao.PasswordDaoAuthenticationProvider"&gt; <br/>
* &lt;property name="passwordAuthenticationDao"&gt;&lt;ref local="ldapDaoImpl"/&gt;&lt;/property&gt; <br/>
* &lt;/bean&gt; <br/>
* </p>
*
* @author Karel Miarka * @author Karel Miarka
* @author Daniel Miller * @author Daniel Miller
* @author Robert Sanders
*/ */
public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao { public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao {
//~ Static fields/initializers ============================================= //~ Static fields/initializers =============================================
@ -63,7 +77,11 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
//~ Instance fields ======================================================== //~ Instance fields ========================================================
private String host; private String host;
/** The INITIAL_CONTEXT_FACTORY for use with JNDI. */
private String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
private String rootContext; private String rootContext;
private String userAttribute = "CN"; // ??? is this the right code??
private String userContext = "CN=Users"; private String userContext = "CN=Users";
private String[] rolesAttributes = {"memberOf"}; private String[] rolesAttributes = {"memberOf"};
private int port = 389; private int port = 389;
@ -79,6 +97,33 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
this.host = hostname; this.host = hostname;
} }
/**
* DOCUMENT ME!
*
* @return Returns the host.
*/
public String getHost() {
return host;
}
/**
* DOCUMENT ME!
*
* @param initialContextFactory The initialContextFactory to set.
*/
public void setInitialContextFactory(String initialContextFactory) {
this.initialContextFactory = initialContextFactory;
}
/**
* DOCUMENT ME!
*
* @return Returns the initialContextFactory.
*/
public String getInitialContextFactory() {
return initialContextFactory;
}
/** /**
* Set the port on which is running the LDAP server. <br>Default value: 389 * Set the port on which is running the LDAP server. <br>Default value: 389
* *
@ -88,6 +133,27 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
this.port = port; this.port = port;
} }
/**
* DOCUMENT ME!
*
* @return Returns the port.
*/
public int getPort() {
return port;
}
public String getProviderURL() {
StringBuffer providerUrl = new StringBuffer();
providerUrl.append("ldap://");
providerUrl.append(this.host);
providerUrl.append(":");
providerUrl.append(this.port);
providerUrl.append("/");
providerUrl.append(this.rootContext);
return providerUrl.toString();
}
/** /**
* Set the name of user object's attribute(s) which contains the list of * Set the name of user object's attribute(s) which contains the list of
* user's role names. The role is converted to upper case and a "ROLE_" * user's role names. The role is converted to upper case and a "ROLE_"
@ -110,6 +176,24 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
this.rootContext = rootContext; this.rootContext = rootContext;
} }
/**
* DOCUMENT ME!
*
* @param userAttribute The userAttribute to set.
*/
public void setUserAttribute(String userAttribute) {
this.userAttribute = userAttribute;
}
/**
* DOCUMENT ME!
*
* @return Returns the userAttribute.
*/
public String getUserAttribute() {
return userAttribute;
}
/** /**
* Set the context in which all users reside relative to the root context. <br> * Set the context in which all users reside relative to the root context. <br>
* Defalut value: "CN=Users" * Defalut value: "CN=Users"
@ -130,23 +214,14 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
env.put(Context.INITIAL_CONTEXT_FACTORY, env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory"); "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, getProviderURL());
StringBuffer providerUrl = new StringBuffer();
providerUrl.append("ldap://");
providerUrl.append(this.host);
providerUrl.append(":");
providerUrl.append(this.port);
providerUrl.append("/");
providerUrl.append(this.rootContext);
env.put(Context.PROVIDER_URL, providerUrl.toString());
env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, getUserPrincipal(username)); env.put(Context.SECURITY_PRINCIPAL, getUserPrincipal(username));
env.put(Context.SECURITY_CREDENTIALS, password); env.put(Context.SECURITY_CREDENTIALS, password);
try { try {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Connecting to " + providerUrl + " as " log.debug("Connecting to " + getProviderURL() + " as "
+ getUserPrincipal(username)); + getUserPrincipal(username));
} }
@ -293,17 +368,16 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
/** /**
* Get the <code>Context.SECURITY_PRINCIPAL</code> for the given username * Get the <code>Context.SECURITY_PRINCIPAL</code> for the given username
* string. This implementation returns a string composed of the following: * string. This implementation returns the userBase for JNDI / LDAP
* &lt;usernamePrefix&gt;&lt;username&gt;&lt;usernameSufix. This function * lookup.
* may be overridden in a subclass.
* *
* @param username DOCUMENT ME! * @param username DOCUMENT ME!
* *
* @return DOCUMENT ME! * @return DOCUMENT ME!
*/ */
protected String getUserPrincipal(String username) { protected String getUserPrincipal(String username) {
StringBuffer principal = new StringBuffer(); StringBuffer principal = new StringBuffer(userAttribute);
principal.append("CN="); principal.append("=");
principal.append(username); principal.append(username);
principal.append(","); principal.append(",");
principal.append(this.userContext); principal.append(this.userContext);