Added the ability to explicitly configure the type of directory

back-ending a REALM and the ability to configure the search string that
should be utilized when performing a contextless login via the Pwd
Authenticate mechanism.
Juan Carlos Luciani 2007-01-22 11:25:55 +00:00
parent c1a12d0c44
commit f7441b20ac
4 changed files with 112 additions and 41 deletions


@ -192,27 +192,31 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
searchRoots = new String[] {""}; searchRoots = new String[] {""};
} }
// Determine the search string to be utilized based on the type of directory // Check if a search string has been configured
// associated with the realm. String searchString = m_svcConfig.m_realmsInfo.getCntxtlessSearchString(authReqMsg.getRealm());
String searchString; if (searchString == null)
String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm());
if (realmType != null)
{ {
if (realmType.compareToIgnoreCase(RealmsInfo.eDirectoryRealm) == 0) // Determine the search string to be utilized based on the type of directory
searchString = "(cn={0})"; // associated with the realm.
else if (realmType.compareToIgnoreCase(RealmsInfo.ActiveDirectoryRealm) == 0) String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm());
searchString = "(sAMAccountName={0})"; if (realmType != null)
{
if (realmType.compareToIgnoreCase(RealmsInfo.eDirectoryRealm) == 0)
searchString = "(cn={0})";
else if (realmType.compareToIgnoreCase(RealmsInfo.ActiveDirectoryRealm) == 0)
searchString = "(sAMAccountName={0})";
else
{
System.err.println("PwdAuthenticate.invoke()- Unsupported realm type " + realmType);
throw new Exception("Realm configuration error");
}
}
else else
{ {
System.err.println("PwdAuthenticate.invoke()- Unsupported realm type " + realmType); System.err.println("PwdAuthenticate.invoke()- Failed to obtain realm type for realm " + authReqMsg.getRealm());
throw new Exception("Realm configuration error"); throw new Exception("Realm configuration error");
} }
} }
else
{
System.err.println("PwdAuthenticate.invoke()- Failed to obtain realm type for realm " + authReqMsg.getRealm());
throw new Exception("Realm configuration error");
}
// Go through the search roots stopping if the identity is resolved. // Go through the search roots stopping if the identity is resolved.
for (int i = 0; i < searchRoots.length && identId == null; i++) for (int i = 0; i < searchRoots.length && identId == null; i++)
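Review bot: The configured search string returned by getCntxtlessSearchString() is used as the LDAP filter template without any validation, whereas both built-in templates carry the `{0}` placeholder; a configured value that omits it (or is not a well-formed filter) is accepted here and the identity lookup below then runs with a fixed filter, which presumably resolves every login attempt to the same entry or to none. Adding a counterpart to the `if (searchString == null)` branch would keep this consistent with the realm-type error handling: `else if (searchString.indexOf("{0}") < 0) { System.err.println("PwdAuthenticate.invoke()- Configured search string lacks {0} placeholder for realm " + authReqMsg.getRealm()); throw new Exception("Realm configuration error"); }`. Whether `{0}` is later substituted with the user-supplied name is not visible in this hunk; if it is, that substitution must escape LDAP filter metacharacters regardless of which template is in use. The enclosing invoke() method begins and ends outside the hunk.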


@ -50,11 +50,12 @@ public class RealmsInfo
// Internal constants // Internal constants
private final static String RealmUrl = "Url"; private final static String RealmUrl = "Url";
private final static String RealmType = "Type"; private final static String RealmType = "Type";
private final static String CntxtlessSearchString = "CntxtlessSearchString";
/** /**
* String returned by getType method for Active Directory realms. * String returned by getType method for Active Directory realms.
*/ */
public final static String ActiveDirectoryRealm = "AD"; public final static String ActiveDirectoryRealm = "ActiveDir";
/** /**
* String returned by getType method for eDirectory realms. * String returned by getType method for eDirectory realms.
@ -94,6 +95,7 @@ public class RealmsInfo
// We are dealing with a directory realm // We are dealing with a directory realm
RealmInfo realmInfo = new RealmInfo(); RealmInfo realmInfo = new RealmInfo();
RealmTypeItem[] realmTypeItems = realm.getRealmTypeItem(); RealmTypeItem[] realmTypeItems = realm.getRealmTypeItem();
String principalName = null;
for (int ii = 0; ii < realmTypeItems.length; ii++) for (int ii = 0; ii < realmTypeItems.length; ii++)
{ {
// Find the configure Proxy User Name for the realm and any configured // Find the configure Proxy User Name for the realm and any configured
@ -107,30 +109,8 @@ public class RealmsInfo
{ {
if (env[iii].getProp().compareToIgnoreCase("java.naming.security.principal") == 0) if (env[iii].getProp().compareToIgnoreCase("java.naming.security.principal") == 0)
{ {
// We found the proxy user, now use it to determine whether or not // We found the proxy user name. Save it in case it is needed later.
// we are dealing with an Active Directory Server. principalName = env[iii].getValue();
//
// Open a directory context and use it to read the "sAMAccountName"
// users attribute which theoretically should only be valid on an AD
// server.
Hashtable env2 = new Hashtable();
env2.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
env2.put(Realm.REALM_CONFIG_LOCATION, realmConfigFilePath);
env2.put(Realm.REALM_SELECTOR, realm.getId());
DirContext ctx = new InitialDirContext(env2);
String[] attributesNeeded = new String[1];
attributesNeeded[0] = "sAMAccountName";
Attributes attributes = ctx.getAttributes(env[iii].getValue(), attributesNeeded);
NamingEnumeration ae = attributes.getAll();
if (ae != null && ae.hasMore())
{
realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
}
else
{
realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
}
} }
else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.searchroot") == 0) else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.searchroot") == 0)
{ {
@ -149,6 +129,29 @@ public class RealmsInfo
realmInfo.m_searchRoots = newSearchRoots; realmInfo.m_searchRoots = newSearchRoots;
} }
} }
else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.directory_type") == 0)
{
// We are dealing with a directory type, decode it and record the result.
String realmDirectoryType = env[iii].getValue();;
if (realmDirectoryType.compareToIgnoreCase("eDir") == 0)
{
realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
}
else if (realmDirectoryType.compareToIgnoreCase("ActiveDirectory") == 0)
{
realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
}
else
{
// Ignore parameter
System.err.println("RealmsInfo: Unknown directory type");
}
}
else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.contextless_search_string") == 0)
{
// We are dealing with the contextless search string, keep track of it.
realmInfo.m_keyValueMap.put(CntxtlessSearchString, env[iii].getValue());
}
} }
} }
} }
@ -159,6 +162,44 @@ public class RealmsInfo
} }
} }
// Check if we must try to determine the directory type
if (realmInfo.m_keyValueMap.get(RealmType) == null)
{
// The directory type has not been determined, check if the proxy username was configured.
if (principalName != null)
{
// The proxy user name was configured, use it to determine whether or not
// we are dealing with an Active Directory Server.
//
// Open a directory context and use it to read the "sAMAccountName"
// users attribute which theoretically should only be valid on an AD
// server.
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
env.put(Realm.REALM_CONFIG_LOCATION, realmConfigFilePath);
env.put(Realm.REALM_SELECTOR, realm.getId());
DirContext ctx = new InitialDirContext(env);
String[] attributesNeeded = new String[1];
attributesNeeded[0] = "sAMAccountName";
Attributes attributes = ctx.getAttributes(principalName, attributesNeeded);
NamingEnumeration ae = attributes.getAll();
if (ae != null && ae.hasMore())
{
realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
}
else
{
realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
}
}
else
{
// The principal name was not configured, default to eDir.
realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
}
}
m_realmsMap.put(realm.getId(), realmInfo); m_realmsMap.put(realm.getId(), realmInfo);
} }
} }
@ -208,4 +249,19 @@ public class RealmsInfo
else else
return null; return null;
} }
/**
* Get Contexless Search String.
*
* @param realmId Realm id.
* @return ContextlessSearchString or null if no match found.
*/
final String getCntxtlessSearchString(String realmId)
{
RealmInfo realmInfo = m_realmsMap.get(realmId);
if (realmInfo != null)
return realmInfo.m_keyValueMap.get(CntxtlessSearchString);
else
return null;
}
} }
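Review bot: The unknown-directory-type diagnostic at `System.err.println("RealmsInfo: Unknown directory type");` drops the offending value and the realm, and the parameter is then silently ignored, so a typo falls through to the sAMAccountName probe or to the new eDir default without the administrator seeing which realm or value was rejected. A typo is easy here because the accepted literal is "ActiveDirectory" while the constant the getter returns is now "ActiveDir". Suggest `System.err.println("RealmsInfo: Unknown directory type \"" + realmDirectoryType + "\" for realm " + realm.getId() + " (expected eDir or ActiveDirectory)");`. Minor: the doubled semicolon on `String realmDirectoryType = env[iii].getValue();;`, and the DirContext opened in the relocated auto-detection block is still never closed, which a `ctx.close()` in a finally would address now that the block is being rewritten. The enclosing method starts outside the second hunk and the hunks cut through it, so the surrounding control flow is inferred.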


@ -11,8 +11,9 @@
<bci:env prop="java.naming.security.principal" value="PROXY_USER_NAME"/> <bci:env prop="java.naming.security.principal" value="PROXY_USER_NAME"/>
<bci:env prop="java.naming.security.credentials" value="PROXY_USER_PW"/> <bci:env prop="java.naming.security.credentials" value="PROXY_USER_PW"/>
<bci:env prop="java.naming.referral" value="follow"/>> <bci:env prop="java.naming.referral" value="follow"/>>
<bci:env prop="com.novell.casa.authtoksvc.directory_type" value="eDir"/>
<bci:connection xsi:type="bci:LDAPConnector"> <bci:connection xsi:type="bci:LDAPConnector">
<bci:address>ldaps://LDAP_HOST_NAME:LDAP_LISTEN_PORT</bci:address> <bci:address>ldaps://LDAP_HOST_NAME:LDAP_LISTEN_PORT</bci:address>
</bci:connection> </bci:connection>
</bci:realm> </bci:realm>
</bci:realms> </bci:realms>
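Review bot: The template now shows `directory_type` but gives no example of the companion `contextless_search_string` property this commit also introduces, so administrators reading the sample will not learn that the filter template is configurable. A commented line such as `<!-- <bci:env prop="com.novell.casa.authtoksvc.contextless_search_string" value="(cn={0})"/> -->` next to the new entry, plus a comment naming the accepted `directory_type` values (eDir, ActiveDirectory), would document both. The stray `>` after the `java.naming.referral` element is pre-existing but remains on the new side and looks like a typo worth removing while the file is touched.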


@ -1,3 +1,13 @@
-------------------------------------------------------------------
Mon Jan 22 16:10:36 MST 2007 - jluciani@novell.com
- Added the ability to explicitedly configure the type of
directory back-ending a realm.
- Added the ability to configure the search string that should
be utilized when performing contextless-login as part of
the Password authentication process.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 19 16:30:03 MST 2007 - jluciani@novell.com Fri Jan 19 16:30:03 MST 2007 - jluciani@novell.com