Added the ability to explicitly configure the type of directory
backing a REALM and the ability to configure the search string to be used when performing a contextless login via the Pwd Authenticate mechanism.
This commit is contained in:
parent
c1a12d0c44
commit
f7441b20ac
@ -192,27 +192,31 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
|
||||
searchRoots = new String[] {""};
|
||||
}
|
||||
|
||||
// Determine the search string to be utilized based on the type of directory
|
||||
// associated with the realm.
|
||||
String searchString;
|
||||
String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm());
|
||||
if (realmType != null)
|
||||
// Check if a search string has been configured
|
||||
String searchString = m_svcConfig.m_realmsInfo.getCntxtlessSearchString(authReqMsg.getRealm());
|
||||
if (searchString == null)
|
||||
{
|
||||
if (realmType.compareToIgnoreCase(RealmsInfo.eDirectoryRealm) == 0)
|
||||
searchString = "(cn={0})";
|
||||
else if (realmType.compareToIgnoreCase(RealmsInfo.ActiveDirectoryRealm) == 0)
|
||||
searchString = "(sAMAccountName={0})";
|
||||
// Determine the search string to be utilized based on the type of directory
|
||||
// associated with the realm.
|
||||
String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm());
|
||||
if (realmType != null)
|
||||
{
|
||||
if (realmType.compareToIgnoreCase(RealmsInfo.eDirectoryRealm) == 0)
|
||||
searchString = "(cn={0})";
|
||||
else if (realmType.compareToIgnoreCase(RealmsInfo.ActiveDirectoryRealm) == 0)
|
||||
searchString = "(sAMAccountName={0})";
|
||||
else
|
||||
{
|
||||
System.err.println("PwdAuthenticate.invoke()- Unsupported realm type " + realmType);
|
||||
throw new Exception("Realm configuration error");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("PwdAuthenticate.invoke()- Unsupported realm type " + realmType);
|
||||
System.err.println("PwdAuthenticate.invoke()- Failed to obtain realm type for realm " + authReqMsg.getRealm());
|
||||
throw new Exception("Realm configuration error");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
System.err.println("PwdAuthenticate.invoke()- Failed to obtain realm type for realm " + authReqMsg.getRealm());
|
||||
throw new Exception("Realm configuration error");
|
||||
}
|
||||
|
||||
// Go through the search roots stopping if the identity is resolved.
|
||||
for (int i = 0; i < searchRoots.length && identId == null; i++)
|
||||
|
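Review bot: The value returned by `getCntxtlessSearchString(...)` is taken as the LDAP filter template with no validation, so a realm configured with a string that lacks the `{0}` placeholder (or has unbalanced parentheses) is only discovered when the search fails or, worse, matches entries unrelated to the submitted name. Add a guard beside the null check, e.g. `if (searchString != null && searchString.indexOf("{0}") < 0) { System.err.println("PwdAuthenticate.invoke()- Contextless search string for realm " + authReqMsg.getRealm() + " lacks {0} placeholder"); throw new Exception("Realm configuration error"); }`. The substitution of the submitted user name into `{0}` happens in the search-root loop below the hunk; that value should be escaped per RFC 4515 filter rules before substitution, because an operator-supplied template gives no protection against filter metacharacters in the name. The enclosing invoke() body starts and ends outside the hunk.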
@ -50,11 +50,12 @@ public class RealmsInfo
|
||||
// Internal constants
|
||||
private final static String RealmUrl = "Url";
|
||||
private final static String RealmType = "Type";
|
||||
private final static String CntxtlessSearchString = "CntxtlessSearchString";
|
||||
|
||||
/**
|
||||
* String returned by getType method for Active Directory realms.
|
||||
*/
|
||||
public final static String ActiveDirectoryRealm = "AD";
|
||||
public final static String ActiveDirectoryRealm = "ActiveDir";
|
||||
|
||||
/**
|
||||
* String returned by getType method for eDirectory realms.
|
||||
@ -94,6 +95,7 @@ public class RealmsInfo
|
||||
// We are dealing with a directory realm
|
||||
RealmInfo realmInfo = new RealmInfo();
|
||||
RealmTypeItem[] realmTypeItems = realm.getRealmTypeItem();
|
||||
String principalName = null;
|
||||
for (int ii = 0; ii < realmTypeItems.length; ii++)
|
||||
{
|
||||
// Find the configure Proxy User Name for the realm and any configured
|
||||
@ -107,30 +109,8 @@ public class RealmsInfo
|
||||
{
|
||||
if (env[iii].getProp().compareToIgnoreCase("java.naming.security.principal") == 0)
|
||||
{
|
||||
// We found the proxy user, now use it to determine whether or not
|
||||
// we are dealing with an Active Directory Server.
|
||||
//
|
||||
// Open a directory context and use it to read the "sAMAccountName"
|
||||
// users attribute which theoretically should only be valid on an AD
|
||||
// server.
|
||||
Hashtable env2 = new Hashtable();
|
||||
env2.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
|
||||
env2.put(Realm.REALM_CONFIG_LOCATION, realmConfigFilePath);
|
||||
env2.put(Realm.REALM_SELECTOR, realm.getId());
|
||||
|
||||
DirContext ctx = new InitialDirContext(env2);
|
||||
String[] attributesNeeded = new String[1];
|
||||
attributesNeeded[0] = "sAMAccountName";
|
||||
Attributes attributes = ctx.getAttributes(env[iii].getValue(), attributesNeeded);
|
||||
NamingEnumeration ae = attributes.getAll();
|
||||
if (ae != null && ae.hasMore())
|
||||
{
|
||||
realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
|
||||
}
|
||||
else
|
||||
{
|
||||
realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
|
||||
}
|
||||
// We found the proxy user name. Save it in case it is needed later.
|
||||
principalName = env[iii].getValue();
|
||||
}
|
||||
else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.searchroot") == 0)
|
||||
{
|
||||
@ -149,6 +129,29 @@ public class RealmsInfo
|
||||
realmInfo.m_searchRoots = newSearchRoots;
|
||||
}
|
||||
}
|
||||
else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.directory_type") == 0)
|
||||
{
|
||||
// We are dealing with a directory type, decode it and record the result.
|
||||
String realmDirectoryType = env[iii].getValue();;
|
||||
if (realmDirectoryType.compareToIgnoreCase("eDir") == 0)
|
||||
{
|
||||
realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
|
||||
}
|
||||
else if (realmDirectoryType.compareToIgnoreCase("ActiveDirectory") == 0)
|
||||
{
|
||||
realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
|
||||
}
|
||||
else
|
||||
{
|
||||
// Ignore parameter
|
||||
System.err.println("RealmsInfo: Unknown directory type");
|
||||
}
|
||||
}
|
||||
else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.contextless_search_string") == 0)
|
||||
{
|
||||
// We are dealing with the contextless search string, keep track of it.
|
||||
realmInfo.m_keyValueMap.put(CntxtlessSearchString, env[iii].getValue());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -159,6 +162,44 @@ public class RealmsInfo
|
||||
}
|
||||
}
|
||||
|
||||
// Check if we must try to determine the directory type
|
||||
if (realmInfo.m_keyValueMap.get(RealmType) == null)
|
||||
{
|
||||
// The directory type has not been determined, check if the proxy username was configured.
|
||||
if (principalName != null)
|
||||
{
|
||||
// The proxy user name was configured, use it to determine whether or not
|
||||
// we are dealing with an Active Directory Server.
|
||||
//
|
||||
// Open a directory context and use it to read the "sAMAccountName"
|
||||
// users attribute which theoretically should only be valid on an AD
|
||||
// server.
|
||||
Hashtable env = new Hashtable();
|
||||
env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
|
||||
env.put(Realm.REALM_CONFIG_LOCATION, realmConfigFilePath);
|
||||
env.put(Realm.REALM_SELECTOR, realm.getId());
|
||||
|
||||
DirContext ctx = new InitialDirContext(env);
|
||||
String[] attributesNeeded = new String[1];
|
||||
attributesNeeded[0] = "sAMAccountName";
|
||||
Attributes attributes = ctx.getAttributes(principalName, attributesNeeded);
|
||||
NamingEnumeration ae = attributes.getAll();
|
||||
if (ae != null && ae.hasMore())
|
||||
{
|
||||
realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
|
||||
}
|
||||
else
|
||||
{
|
||||
realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// The principal name was not configured, default to eDir.
|
||||
realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
|
||||
}
|
||||
}
|
||||
|
||||
m_realmsMap.put(realm.getId(), realmInfo);
|
||||
}
|
||||
}
|
||||
@ -208,4 +249,19 @@ public class RealmsInfo
|
||||
else
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get Contexless Search String.
|
||||
*
|
||||
* @param realmId Realm id.
|
||||
* @return ContextlessSearchString or null if no match found.
|
||||
*/
|
||||
final String getCntxtlessSearchString(String realmId)
|
||||
{
|
||||
RealmInfo realmInfo = m_realmsMap.get(realmId);
|
||||
if (realmInfo != null)
|
||||
return realmInfo.m_keyValueMap.get(CntxtlessSearchString);
|
||||
else
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
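Review bot: In the `com.novell.casa.authtoksvc.directory_type` branch an unrecognized value is logged as `RealmsInfo: Unknown directory type` without the realm id or the offending value and then silently falls through to the probe/eDir default further down, so a misspelled type in one realm's config is hard to trace; change it to `System.err.println("RealmsInfo: Unknown directory type '" + realmDirectoryType + "' for realm " + realm.getId());`. The same branch has a stray `;;` after `env[iii].getValue()`, and the `contextless_search_string` branch stores its value as-is — checking `indexOf("{0}") >= 0` there and rejecting otherwise with a message naming the realm would catch a broken filter template at load time instead of at first login. If `getValue()` can return null for an empty attribute, `compareToIgnoreCase` on `realmDirectoryType` throws; worth confirming against the config parser. In the later hunk (+162,44) the probe's `DirContext ctx` is never closed; wrapping the `sAMAccountName` lookup in `try { ... } finally { ctx.close(); }` would release the connection.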
@ -11,8 +11,9 @@
|
||||
<bci:env prop="java.naming.security.principal" value="PROXY_USER_NAME"/>
|
||||
<bci:env prop="java.naming.security.credentials" value="PROXY_USER_PW"/>
|
||||
<bci:env prop="java.naming.referral" value="follow"/>>
|
||||
<bci:env prop="com.novell.casa.authtoksvc.directory_type" value="eDir"/>
|
||||
<bci:connection xsi:type="bci:LDAPConnector">
|
||||
<bci:address>ldaps://LDAP_HOST_NAME:LDAP_LISTEN_PORT</bci:address>
|
||||
<bci:address>ldaps://LDAP_HOST_NAME:LDAP_LISTEN_PORT</bci:address>
|
||||
</bci:connection>
|
||||
</bci:realm>
|
||||
</bci:realms>
|
||||
|
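Review bot: The template shows `directory_type` only as `eDir`, and nothing documents the other value the parser accepts (`ActiveDirectory`) or the new `com.novell.casa.authtoksvc.contextless_search_string` property, so an operator editing this file cannot discover either; add an XML comment above the new line such as `<!-- directory_type: eDir | ActiveDirectory. Optional contextless_search_string: LDAP filter template that must contain {0} -->`. The `java.naming.referral` line ends in `/>>`; the trailing `>` is stray character data and, even if that line predates this commit, is worth removing while the template is touched.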
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 22 16:10:36 MST 2007 - jluciani@novell.com
|
||||
|
||||
- Added the ability to explicitedly configure the type of
|
||||
directory back-ending a realm.
|
||||
|
||||
- Added the ability to configure the search string that should
|
||||
be utilized when performing contextless-login as part of
|
||||
the Password authentication process.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 19 16:30:03 MST 2007 - jluciani@novell.com
|
||||
|
||||
|