incubator-blur-commits mailing list archives

From amccu...@apache.org
Subject [3/4] git commit: Adding ldap sasl implementation.
Date Tue, 03 Feb 2015 15:25:23 GMT
Adding ldap sasl implementation.


Project: http://git-wip-us.apache.org/repos/asf/incubator-blur/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-blur/commit/17e0a799
Tree: http://git-wip-us.apache.org/repos/asf/incubator-blur/tree/17e0a799
Diff: http://git-wip-us.apache.org/repos/asf/incubator-blur/diff/17e0a799

Branch: refs/heads/master
Commit: 17e0a79965a1daa26c79b9ac6a18d534d0a7b948
Parents: 46a4f45
Author: Aaron McCurry <amccurry@gmail.com>
Authored: Tue Feb 3 10:23:45 2015 -0500
Committer: Aaron McCurry <amccurry@gmail.com>
Committed: Tue Feb 3 10:23:45 2015 -0500

----------------------------------------------------------------------
 .../AnonymousAuthenticationProviderImpl.java    |  2 +-
 .../blur/thrift/sasl/AuthenticationType.java    |  2 +-
 .../sasl/CustomAuthenticationProviderImpl.java  |  8 +-
 .../sasl/LdapAuthenticationProviderImpl.java    | 83 ++++++++++++++++++++
 .../sasl/PasswordAuthenticationProvider.java    |  3 +-
 .../org/apache/blur/thrift/sasl/SaslHelper.java |  8 ++
 6 files changed, 101 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/17e0a799/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/AnonymousAuthenticationProviderImpl.java
----------------------------------------------------------------------
diff --git a/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/AnonymousAuthenticationProviderImpl.java
b/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/AnonymousAuthenticationProviderImpl.java
index c314774..5c720c2 100644
--- a/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/AnonymousAuthenticationProviderImpl.java
+++ b/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/AnonymousAuthenticationProviderImpl.java
@@ -30,7 +30,7 @@ public class AnonymousAuthenticationProviderImpl extends PasswordAuthenticationP
 
   @Override
   public void authenticate(String username, String password, InetSocketAddress address) throws
AuthenticationException {
-    System.out.println("Username [" + username + "] Password [" + password + "]");
+
   }
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/17e0a799/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/AuthenticationType.java
----------------------------------------------------------------------
diff --git a/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/AuthenticationType.java
b/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/AuthenticationType.java
index 079e4bb..bfe3d48 100644
--- a/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/AuthenticationType.java
+++ b/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/AuthenticationType.java
@@ -17,5 +17,5 @@
 package org.apache.blur.thrift.sasl;
 
 public enum AuthenticationType {
-  ANONYMOUS, CUSTOM
+  ANONYMOUS, CUSTOM, LDAP
 }

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/17e0a799/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/CustomAuthenticationProviderImpl.java
----------------------------------------------------------------------
diff --git a/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/CustomAuthenticationProviderImpl.java
b/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/CustomAuthenticationProviderImpl.java
index 7090fa9..dae4026 100644
--- a/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/CustomAuthenticationProviderImpl.java
+++ b/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/CustomAuthenticationProviderImpl.java
@@ -16,6 +16,8 @@
  */
 package org.apache.blur.thrift.sasl;
 
+import static org.apache.blur.utils.BlurConstants.BLUR_SECUTIRY_SASL_CUSTOM_CLASS;
+
 import java.lang.reflect.Constructor;
 import java.net.InetSocketAddress;
 
@@ -25,11 +27,13 @@ import org.apache.blur.BlurConfiguration;
 import org.apache.blur.log.Log;
 import org.apache.blur.log.LogFactory;
 
+/**
+ * The basis for this code originated in the Apache Hive Project.
+ */
 public class CustomAuthenticationProviderImpl extends PasswordAuthenticationProvider {
 
   private static final Log LOG = LogFactory.getLog(CustomAuthenticationProviderImpl.class);
-  private static final String BLUR_SECUTIRY_SASL_CUSTOM_CLASS = "blur.security.sasl.CUSTOM.class";
-  
+
   private final PasswordAuthenticationProvider _provider;
 
   @SuppressWarnings("unchecked")
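Review bot: The configuration key constant keeps its misspelling (`BLUR_SECUTIRY_SASL_CUSTOM_CLASS`) while moving from the private field removed here to the static import from `BlurConstants` added at the top of the file. The LDAP constants introduced in the same commit are spelled `BLUR_SECURITY_...`, so the shared constants class now carries two spellings of the same prefix, which is easy to miss when searching for the security-related keys. Renaming it to `BLUR_SECURITY_SASL_CUSTOM_CLASS` before more callers import it would be cheap; the key string `"blur.security.sasl.CUSTOM.class"` itself is spelled correctly and does not need to change. The class body continues outside the hunk.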

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/17e0a799/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/LdapAuthenticationProviderImpl.java
----------------------------------------------------------------------
diff --git a/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/LdapAuthenticationProviderImpl.java
b/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/LdapAuthenticationProviderImpl.java
new file mode 100644
index 0000000..652a15e
--- /dev/null
+++ b/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/LdapAuthenticationProviderImpl.java
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.blur.thrift.sasl;
+
+import static org.apache.blur.utils.BlurConstants.BLUR_SECURITY_SASL_LDAP_BASEDN;
+import static org.apache.blur.utils.BlurConstants.BLUR_SECURITY_SASL_LDAP_DOMAIN;
+import static org.apache.blur.utils.BlurConstants.BLUR_SECURITY_SASL_LDAP_URL;
+
+import java.net.InetSocketAddress;
+import java.util.Hashtable;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.security.sasl.AuthenticationException;
+
+import org.apache.blur.BlurConfiguration;
+
+/**
+ * The basis for this code originated in the Apache Hive Project.
+ */
+public class LdapAuthenticationProviderImpl extends PasswordAuthenticationProvider {
+
+  private final String _ldapURL;
+  private final String _baseDN;
+  private final String _ldapDomain;
+
+  public LdapAuthenticationProviderImpl(BlurConfiguration configuration) {
+    super(configuration);
+    _ldapURL = configuration.get(BLUR_SECURITY_SASL_LDAP_URL);
+    _baseDN = configuration.get(BLUR_SECURITY_SASL_LDAP_BASEDN);
+    _ldapDomain = configuration.get(BLUR_SECURITY_SASL_LDAP_DOMAIN);
+  }
+
+  @Override
+  public void authenticate(String username, String password, InetSocketAddress address) throws
AuthenticationException {
+
+    Hashtable<String, Object> env = new Hashtable<String, Object>();
+    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+    env.put(Context.PROVIDER_URL, _ldapURL);
+
+    // If the domain is supplied, then append it. LDAP providers
+    // like Active Directory use a fully qualified user name like foo@bar.com.
+    if (_ldapDomain != null) {
+      username = username + "@" + _ldapDomain;
+    }
+
+    // setup the security principal
+    final String bindDN;
+    if (_baseDN != null) {
+      bindDN = "uid=" + username + "," + _baseDN;
+    } else {
+      bindDN = username;
+    }
+    env.put(Context.SECURITY_AUTHENTICATION, "simple");
+    env.put(Context.SECURITY_PRINCIPAL, bindDN);
+    env.put(Context.SECURITY_CREDENTIALS, password);
+
+    try {
+      // Create initial context
+      DirContext ctx = new InitialDirContext(env);
+      ctx.close();
+    } catch (NamingException e) {
+      throw new AuthenticationException("Error validating LDAP user", e);
+    }
+    return;
+  }
+}
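Review bot: `authenticate()` hands the password to the simple bind without checking that it is non-empty. Some directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds (RFC 4513 §5.1.2), in which case `new InitialDirContext(env)` would not throw and the caller would be accepted. Reject it before filling `env`, e.g. `if (password == null || password.isEmpty()) { throw new AuthenticationException("Error validating LDAP user"); }`; this also replaces the NullPointerException that `Hashtable.put` raises for a null password with the declared exception type. The username is concatenated into the bind DN unescaped, and `bindDN = "uid=" + javax.naming.ldap.Rdn.escapeValue(username) + "," + _baseDN;` keeps DN metacharacters in the name from altering the DN. Because this is a simple bind, the class Javadoc should also state that `BLUR_SECURITY_SASL_LDAP_URL` is expected to be an `ldaps://` URL so the password is not sent to the directory in the clear.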

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/17e0a799/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/PasswordAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/PasswordAuthenticationProvider.java
b/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/PasswordAuthenticationProvider.java
index 8d635e9..82362ee 100644
--- a/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/PasswordAuthenticationProvider.java
+++ b/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/PasswordAuthenticationProvider.java
@@ -28,6 +28,7 @@ public abstract class PasswordAuthenticationProvider {
 
   }
 
-  public abstract void authenticate(String username, String password, InetSocketAddress address)
throws AuthenticationException;
+  public abstract void authenticate(String username, String password, InetSocketAddress address)
+      throws AuthenticationException;
 
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/17e0a799/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/SaslHelper.java
----------------------------------------------------------------------
diff --git a/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/SaslHelper.java b/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/SaslHelper.java
index 343c22f..ba02186 100644
--- a/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/SaslHelper.java
+++ b/blur-thrift/src/main/java/org/apache/blur/thrift/sasl/SaslHelper.java
@@ -37,6 +37,9 @@ import org.apache.blur.log.Log;
 import org.apache.blur.log.LogFactory;
 import org.apache.blur.thirdparty.thrift_0_9_0.transport.TTransport;
 
+/**
+ * The basis for this code originated in the Apache Hive Project.
+ */
 public class SaslHelper {
 
   private static final Log LOG = LogFactory.getLog(SaslHelper.class);
@@ -55,6 +58,7 @@ public class SaslHelper {
     AuthenticationType type = getValueOf(configuration.get(BLUR_SECURITY_SASL_TYPE));
     switch (type) {
     case ANONYMOUS:
+    case LDAP:
     case CUSTOM:
       return getPlainTSaslClientTransport(type, configuration, transport);
     default:
@@ -72,6 +76,7 @@ public class SaslHelper {
       password = "anonymous";
       break;
     }
+    case LDAP:
     case CUSTOM: {
       username = configuration.get(BLUR_SECURITY_SASL_PLAIN_USERNAME);
       password = configuration.get(BLUR_SECURITY_SASL_PLAIN_PASSWORD);
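Review bot: The new `case LDAP:` falls through to the CUSTOM branch, so an LDAP client reads a real directory password from `BLUR_SECURITY_SASL_PLAIN_PASSWORD` in the configuration. Judging by the `getPlain...` helper names in the neighbouring hunks, it is then sent with the SASL PLAIN mechanism, which does not protect the password on the wire by itself. Whether the Thrift transport is wrapped in TLS is not visible in these hunks; if that is not enforced elsewhere, the case deserves a comment such as `// LDAP uses SASL PLAIN: the directory password is sent unprotected, so use only over a TLS-secured transport`. The same fall-through is added to the client and server transport switches in the other SaslHelper hunks, and the switch body here continues outside the hunk.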
@@ -117,6 +122,7 @@ public class SaslHelper {
     LOG.info("Setting SASL Server with authentication type [{0}]", type);
     switch (type) {
     case ANONYMOUS:
+    case LDAP:
     case CUSTOM:
       return getPlainTSaslServerTransportFactory(type, configuration);
     default:
@@ -184,6 +190,8 @@ public class SaslHelper {
       return new AnonymousAuthenticationProviderImpl(configuration);
     case CUSTOM:
       return new CustomAuthenticationProviderImpl(configuration);
+    case LDAP:
+      return new LdapAuthenticationProviderImpl(configuration);
     default:
       throw new IOException("Unsupported authentication method [" + type + "]");
     }

