directory-commits mailing list archives

From szoer...@apache.org
Subject svn commit: r777220 - /directory/sandbox/szoerner/apacheds-tomcatrealm/src/main/java/org/apache/directory/tomcatrealm/EmbeddedApacheDsRealm.java
Date Thu, 21 May 2009 18:52:48 GMT
Author: szoerner
Date: Thu May 21 18:52:47 2009
New Revision: 777220

URL: http://svn.apache.org/viewvc?rev=777220&view=rev
Log:
First version which performs user and role searches

Modified:
    directory/sandbox/szoerner/apacheds-tomcatrealm/src/main/java/org/apache/directory/tomcatrealm/EmbeddedApacheDsRealm.java

Modified: directory/sandbox/szoerner/apacheds-tomcatrealm/src/main/java/org/apache/directory/tomcatrealm/EmbeddedApacheDsRealm.java
URL: http://svn.apache.org/viewvc/directory/sandbox/szoerner/apacheds-tomcatrealm/src/main/java/org/apache/directory/tomcatrealm/EmbeddedApacheDsRealm.java?rev=777220&r1=777219&r2=777220&view=diff
==============================================================================
--- directory/sandbox/szoerner/apacheds-tomcatrealm/src/main/java/org/apache/directory/tomcatrealm/EmbeddedApacheDsRealm.java
(original)
+++ directory/sandbox/szoerner/apacheds-tomcatrealm/src/main/java/org/apache/directory/tomcatrealm/EmbeddedApacheDsRealm.java
Thu May 21 18:52:47 2009
@@ -1,30 +1,56 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
 package org.apache.directory.tomcatrealm;
 
-import java.beans.PropertyChangeListener;
-import java.beans.PropertyChangeSupport;
-import java.io.IOException;
 import java.security.Principal;
-import java.security.cert.X509Certificate;
+import java.text.MessageFormat;
+import java.util.ArrayList;
+import java.util.List;
 
-import org.apache.catalina.Container;
-import org.apache.catalina.Context;
-import org.apache.catalina.Lifecycle;
 import org.apache.catalina.LifecycleException;
-import org.apache.catalina.LifecycleListener;
-import org.apache.catalina.Realm;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.deploy.SecurityConstraint;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.catalina.realm.RealmBase;
+import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.core.DefaultDirectoryService;
 import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.cursor.CursorIterator;
+import org.apache.directory.server.core.entry.ServerEntry;
+import org.apache.directory.server.core.filtering.EntryFilteringCursor;
 import org.apache.directory.server.ldap.LdapService;
 import org.apache.directory.server.protocol.shared.SocketAcceptor;
+import org.apache.directory.shared.ldap.entry.EntryAttribute;
+import org.apache.directory.shared.ldap.filter.ExprNode;
+import org.apache.directory.shared.ldap.filter.FilterParser;
+import org.apache.directory.shared.ldap.filter.SearchScope;
+import org.apache.directory.shared.ldap.message.AliasDerefMode;
+import org.apache.directory.shared.ldap.name.LdapDN;
+
+/**
+ * An Apache Tomcat realm whichs embeds Apache Directory Server.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory
+ *         Project</a>
+ */
+public class EmbeddedApacheDsRealm extends RealmBase {
 
-public class EmbeddedApacheDsRealm implements Realm, Lifecycle {
-
-	private PropertyChangeSupport propertyChangeSupport;
-
-	private Container container;
+	private static final String REALM_NAME = "EmbeddedApacheDsRealm";
 
 	private DirectoryService directoryService;
 
@@ -33,7 +59,6 @@
 	private LdapService ldapService;
 
 	public EmbeddedApacheDsRealm() {
-		this.propertyChangeSupport = new PropertyChangeSupport(this);
 	}
 
 	/**
@@ -41,7 +66,8 @@
 	 */
 	@Override
 	public void start() throws LifecycleException {
-		try {				
+		try {
+
 			directoryService = new DefaultDirectoryService();
 			directoryService.setShutdownHookEnabled(true);
 
@@ -69,9 +95,6 @@
 	 */
 	@Override
 	public void stop() throws LifecycleException {
-		
-		System.out.println("EmbeddedApacheDsRealm::stop()");
-		
 		try {
 			ldapService.stop();
 			directoryService.shutdown();
@@ -82,44 +105,12 @@
 	}
 
 	/**
-	 * Set the Container with which this Realm has been associated.
-	 */
-	@Override
-	public void setContainer(Container container) {
-		this.container = container;
-	}
-
-	/**
-	 * Return the Container with which this Realm has been associated.
-	 */
-	@Override
-	public Container getContainer() {
-		return this.container;
-	}
-
-	/**
-	 * Add a property change listener to this component.
-	 */
-	@Override
-	public void addPropertyChangeListener(PropertyChangeListener listener) {
-		this.propertyChangeSupport.addPropertyChangeListener(listener);
-	}
-
-	/**
-	 * Remove a property change listener from this component.
-	 */
-	@Override
-	public void removePropertyChangeListener(PropertyChangeListener listener) {
-		this.propertyChangeSupport.removePropertyChangeListener(listener);
-	}
-
-	/**
 	 * Return descriptive information about this Realm implementation and the
 	 * corresponding version number, in the format <description>/<version>.
 	 */
 	@Override
 	public String getInfo() {
-		return "EmbeddedApacheDsRealm/0.1";
+		return REALM_NAME + "/0.1";
 	}
 
 	/**
@@ -128,84 +119,130 @@
 	 */
 	@Override
 	public Principal authenticate(String username, String credentials) {
-		
-		System.out.println("authenticate "+username);
-		
+		System.out.println("authenticate " + username);
+
+		LdapDN userDN = this.findDnForUsername(username);
+		if (userDN != null) {
+
+			System.out.println("upName = " + userDN.getUpName());
+			System.out.println("normName = " + userDN.getNormName());
+
+			if (this.authenticate(userDN, credentials)) {
+				List<String> roles = this.searchRolesForUserDn(userDN);
+				return new GenericPrincipal(this, username, credentials, roles);
+			}
+
+		} else {
+			System.out.println("User " + username + " not found in directory");
+		}
+
 		return null;
 	}
 
 	/**
-	 * Return true if the specified Principal has the specified security role,
-	 * within the context of this Realm; otherwise return false.
+	 * Return a short name for this Realm implementation, for use in log
+	 * messages.
 	 */
 	@Override
-	public boolean hasRole(Principal principal, String role) {
-		// TODO Auto-generated method stub
-		return false;
+	protected String getName() {
+		return REALM_NAME;
 	}
 
+	/**
+	 * Return the password associated with the given principal's user name. This
+	 * method is not supported by this realm yet.
+	 */
 	@Override
-	public Principal authenticate(X509Certificate[] arg0) {
-		// TODO Auto-generated method stub
-		return null;
+	protected String getPassword(String username) {
+		throw new RuntimeException(
+				"Operation getPassword not supported by this realm");
 	}
 
-	@Override
-	public Principal authenticate(String arg0, byte[] arg1) {
-		// TODO Auto-generated method stub
-		return null;
-	}
+	protected LdapDN findDnForUsername(String username) {
+		LdapDN dn = null;
 
-	@Override
-	public Principal authenticate(String arg0, String arg1, String arg2,
-			String arg3, String arg4, String arg5, String arg6, String arg7) {
-		// TODO Auto-generated method stub
-		return null;
-	}
+		try {
+			CoreSession adminSession = directoryService.getAdminSession();
 
-	@Override
-	public void backgroundProcess() {
-		// TODO Auto-generated method stub
+			String base = "ou=system";
+			LdapDN basedn = new LdapDN(base);
+			SearchScope scope = SearchScope.SUBTREE;
+
+			MessageFormat f = new MessageFormat(
+					"(&(objectClass=person)(uid={0}))");
+			String sFilter = f.format(new Object[] { username });
+
+			System.out.println("Filter = " + sFilter);
+
+			ExprNode filter = FilterParser.parse(sFilter);
+			EntryFilteringCursor cursor = adminSession.search(basedn, scope,
+					filter, AliasDerefMode.NEVER_DEREF_ALIASES, null, 0, 0);
+
+			CursorIterator iter = new CursorIterator(cursor);
+			if (iter.hasNext()) {
+				ServerEntry entry = (ServerEntry) iter.next();
+				dn = entry.getDn();
+			}
+			adminSession.unbind();
 
+		} catch (Exception e) {
+			e.printStackTrace();
+			throw new RuntimeException(e);
+		}
+		return dn;
 	}
 
-	@Override
-	public SecurityConstraint[] findSecurityConstraints(Request arg0,
-			Context arg1) {
-		// TODO Auto-generated method stub
-		return null;
+	protected boolean authenticate(LdapDN userDN, String credentials) {
+		boolean authenticated = false;
+		try {
+			directoryService.getSession(userDN, credentials.getBytes());
+			authenticated = true;
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
+		return authenticated;
 	}
 
-	@Override
-	public boolean hasResourcePermission(Request arg0, Response arg1,
-			SecurityConstraint[] arg2, Context arg3) throws IOException {
-		// TODO Auto-generated method stub
-		return false;
-	}
+	protected List<String> searchRolesForUserDn(LdapDN userDn) {
+		List<String> roles = new ArrayList<String>();
 
-	@Override
-	public boolean hasUserDataPermission(Request arg0, Response arg1,
-			SecurityConstraint[] arg2) throws IOException {
-		// TODO Auto-generated method stub
-		return false;
-	}
+		try {
+			CoreSession adminSession = directoryService.getAdminSession();
 
-	@Override
-	public void addLifecycleListener(LifecycleListener listener) {
-		// TODO Auto-generated method stub
+			String base = "ou=system";
+			LdapDN basedn = new LdapDN(base);
+			SearchScope scope = SearchScope.SUBTREE;
 
-	}
+			MessageFormat f = new MessageFormat(
+					"(&(objectClass=groupOfNames)(member={0}))");
+			String sFilter = f.format(new Object[] { userDn.getUpName() });
 
-	@Override
-	public LifecycleListener[] findLifecycleListeners() {
-		// TODO Auto-generated method stub
-		return null;
-	}
+			System.out.println("Filter = " + sFilter);
 
-	@Override
-	public void removeLifecycleListener(LifecycleListener listener) {
-		// TODO Auto-generated method stub
+			ExprNode filter = FilterParser.parse(sFilter);
+			EntryFilteringCursor cursor = adminSession.search(basedn, scope,
+					filter, AliasDerefMode.NEVER_DEREF_ALIASES, null, 0, 0);
+
+			CursorIterator iter = new CursorIterator(cursor);
+			while (iter.hasNext()) {
+				ServerEntry entry = (ServerEntry) iter.next();
+				EntryAttribute attr = entry.get("cn");
 
+				System.out.println(attr);
+
+				roles.add(attr.getString());
+			}
+			adminSession.unbind();
+
+		} catch (Exception e) {
+			e.printStackTrace();
+			throw new RuntimeException(e);
+		}
+		return roles;
 	}
 
+	@Override
+	protected Principal getPrincipal(String username) {
+		return null;
+	}
 }


