Example usage for javax.naming Context SECURITY_AUTHENTICATION

List of usage examples for javax.naming Context SECURITY_AUTHENTICATION

Introduction

In this page you can find the example usage for javax.naming Context SECURITY_AUTHENTICATION.

Prototype

String SECURITY_AUTHENTICATION

To view the source code for javax.naming Context SECURITY_AUTHENTICATION.

Click Source Link

Document

Constant that holds the name of the environment property for specifying the security level to use.

Usage

From source file:org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandler.java

/**
 * Helper method to create the LDAP context needed to interact with the Active Directory.
 *
 * @return the relevant LdapContext//from w w  w  .  ja va  2s .com
 * @throws KerberosKDCConnectionException       if a connection to the KDC cannot be made
 * @throws KerberosAdminAuthenticationException if the administrator credentials fail to authenticate
 * @throws KerberosRealmException               if the realm does not map to a KDC
 * @throws KerberosOperationException           if an unexpected error occurred
 */
protected LdapContext createLdapContext() throws KerberosOperationException {
    KerberosCredential administratorCredentials = getAdministratorCredentials();

    Properties properties = new Properties();
    properties.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CONTEXT_FACTORY_CLASS);
    properties.put(Context.PROVIDER_URL, ldapUrl);
    properties.put(Context.SECURITY_PRINCIPAL, administratorCredentials.getPrincipal());
    properties.put(Context.SECURITY_CREDENTIALS, administratorCredentials.getPassword());
    properties.put(Context.SECURITY_AUTHENTICATION, "simple");
    properties.put(Context.REFERRAL, "follow");
    properties.put("java.naming.ldap.factory.socket", TrustingSSLSocketFactory.class.getName());

    try {
        return createInitialLdapContext(properties, null);
    } catch (CommunicationException e) {
        String message = String.format("Failed to communicate with the Active Directory at %s: %s", ldapUrl,
                e.getMessage());
        LOG.warn(message, e);
        throw new KerberosKDCConnectionException(message, e);
    } catch (AuthenticationException e) {
        String message = String.format("Failed to authenticate with the Active Directory at %s: %s", ldapUrl,
                e.getMessage());
        LOG.warn(message, e);
        throw new KerberosAdminAuthenticationException(message, e);
    } catch (NamingException e) {
        String error = e.getMessage();

        if ((error != null) && !error.isEmpty()) {
            String message = String.format("Failed to communicate with the Active Directory at %s: %s", ldapUrl,
                    e.getMessage());
            LOG.warn(message, e);

            if (error.startsWith("Cannot parse url:")) {
                throw new KerberosKDCConnectionException(message, e);
            } else {
                throw new KerberosOperationException(message, e);
            }
        } else {
            throw new KerberosOperationException("Unexpected error condition", e);
        }
    }
}

From source file:org.apache.cloudstack.ldap.LdapContextFactory.java

private void setAuthentication(final Hashtable<String, String> environment, final boolean isSystemContext,
        final Long domainId) {
    final String authentication = _ldapConfiguration.getAuthentication(domainId);

    if ("none".equals(authentication) && !isSystemContext) {
        environment.put(Context.SECURITY_AUTHENTICATION, "simple");
    } else {// w w w. j  a v  a2  s  . c om
        environment.put(Context.SECURITY_AUTHENTICATION, authentication);
    }
}

From source file:org.apache.directory.server.core.jndi.LdapJndiPropertiesTest.java

License:asdf

@Test
public void testAuthWithNoCredsEnv() throws Exception {
    Hashtable<String, Object> env = new Hashtable<String, Object>();
    env.put(Context.SECURITY_PRINCIPAL, "");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    try {/* w w w  .  ja v a2 s  .c o m*/
        LdapJndiProperties.getLdapJndiProperties(env);
        fail("should never get here");
    } catch (ConfigurationException e) {
    }
}

From source file:org.apache.directory.server.core.jndi.LdapJndiPropertiesTest.java

License:asdf

@Test
public void testAuthWithNoCredsStrong() throws Exception {
    Hashtable<String, Object> env = new Hashtable<String, Object>();
    env.put(Context.SECURITY_PRINCIPAL, "");
    env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5 CRAM-MD5");
    env.put(Context.PROVIDER_URL, "");
    LdapJndiProperties props = LdapJndiProperties.getLdapJndiProperties(env);
    assertEquals(AuthenticationLevel.STRONG, props.getAuthenticationLevel());
    assertTrue(props.getCredentials() == null);
}

From source file:org.apache.directory.server.core.jndi.LdapJndiPropertiesTest.java

License:asdf

@Test
public void testAuthWithCredsStrong() throws Exception {
    Hashtable<String, Object> env = new Hashtable<String, Object>();
    env.put(Context.SECURITY_PRINCIPAL, "");
    env.put(Context.SECURITY_CREDENTIALS, "asdf");
    env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5 CRAM-MD5");
    env.put(Context.PROVIDER_URL, "");
    LdapJndiProperties props = LdapJndiProperties.getLdapJndiProperties(env);
    assertEquals(AuthenticationLevel.STRONG, props.getAuthenticationLevel());
    assertTrue(ArrayUtils.isEquals(Strings.getBytesUtf8("asdf"), props.getCredentials()));
}

From source file:org.apache.directory.server.ldap.handlers.sasl.AbstractSaslCallbackHandler.java

/**
 * Convenience method for getting an environment suitable for acquiring
 * an {@link LdapContext} for the client.
 * /*from  w  w w . ja  v  a  2 s.c  o m*/
 * @param session The current session.
 * @return An environment suitable for acquiring an {@link LdapContext} for the client.
 */
protected Hashtable<String, Object> getEnvironment(IoSession session) {
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.PROVIDER_URL, session.getAttribute("baseDn"));
    env.put(Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory");
    env.put(Context.SECURITY_PRINCIPAL, ServerDNConstants.ADMIN_SYSTEM_DN);
    env.put(Context.SECURITY_CREDENTIALS, "secret");
    env.put(Context.SECURITY_AUTHENTICATION, AuthenticationLevel.SIMPLE.toString());

    return env;
}

From source file:org.apache.directory.server.operations.bind.MiscBindIT.java

/**
 * Test to make sure anonymous binds are disabled when going through
 * the wire protocol./* ww  w. ja  va  2  s . c  o  m*/
 *
 * @throws Exception if anything goes wrong
 */
@Test
public void testDisableAnonymousBinds() throws Exception {
    getLdapServer().getDirectoryService().setAllowAnonymousAccess(false);

    // Use the SUN JNDI provider to hit server port and bind as anonymous
    final Hashtable<String, Object> env = new Hashtable<String, Object>();

    env.put(Context.PROVIDER_URL, Network.ldapLoopbackUrl(getLdapServer().getPort()) + "/ou=system");
    env.put(Context.SECURITY_AUTHENTICATION, "none");
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

    try {
        new InitialDirContext(env);
        fail();
    } catch (Exception e) {
        // We should get here
    }

    try {
        // Use the netscape API as JNDI cannot be used to do a search without
        // first binding.
        LDAPUrl url = new LDAPUrl(Network.LOOPBACK_HOSTNAME, getLdapServer().getPort(), "ou=system",
                new String[] { "vendorName" }, 0, "(ObjectClass=*)");
        LDAPConnection.search(url);

        fail();
    } catch (LDAPException e) {
        // Expected result
    }
}

From source file:org.apache.directory.server.operations.bind.MiscBindIT.java

/**
 * Test to make sure anonymous binds are allowed on the RootDSE even when disabled
 * in general when going through the wire protocol.
 *
 * @throws Exception if anything goes wrong
 */// w  w  w  .  j  a v  a2  s  .  c o  m
@Test
public void testEnableAnonymousBindsOnRootDse() throws Exception {
    getLdapServer().getDirectoryService().setAllowAnonymousAccess(true);

    // Use the SUN JNDI provider to hit server port and bind as anonymous
    Hashtable<String, Object> env = new Hashtable<String, Object>();

    env.put(Context.PROVIDER_URL, Network.ldapLoopbackUrl(getLdapServer().getPort()));
    env.put(Context.SECURITY_AUTHENTICATION, "none");
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

    InitialDirContext ctx = new InitialDirContext(env);
    SearchControls cons = new SearchControls();
    cons.setSearchScope(SearchControls.OBJECT_SCOPE);
    NamingEnumeration<SearchResult> list = ctx.search("", "(objectClass=*)", cons);

    SearchResult result = null;

    if (list.hasMore()) {
        result = list.next();
    }

    assertFalse(list.hasMore());
    list.close();

    assertNotNull(result);
    assertEquals("", result.getName().trim());
}

From source file:org.apache.directory.server.operations.bind.MiscBindIT.java

/**
 * Test to make sure that if anonymous binds are allowed a user may search
 * within a a partition.//www .ja v  a  2 s  .  c  o  m
 *
 * @throws Exception if anything goes wrong
 */
@Test
public void testAnonymousBindsEnabledBaseSearch() throws Exception {
    getLdapServer().getDirectoryService().setAllowAnonymousAccess(true);

    // Use the SUN JNDI provider to hit server port and bind as anonymous
    Hashtable<String, Object> env = new Hashtable<String, Object>();

    env.put(Context.PROVIDER_URL, Network.ldapLoopbackUrl(getLdapServer().getPort()));
    env.put(Context.SECURITY_AUTHENTICATION, "none");
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

    InitialDirContext ctx = new InitialDirContext(env);
    SearchControls cons = new SearchControls();
    cons.setSearchScope(SearchControls.OBJECT_SCOPE);
    NamingEnumeration<SearchResult> list = ctx.search("dc=apache,dc=org", "(objectClass=*)", cons);
    SearchResult result = null;

    if (list.hasMore()) {
        result = list.next();
    }

    assertFalse(list.hasMore());
    list.close();

    assertNotNull(result);
    assertNotNull(result.getAttributes().get("dc"));
}

From source file:org.apache.directory.server.operations.bind.MiscBindIT.java

/**
 * Test case for <a href="http://issues.apache.org/jira/browse/DIREVE-284" where users in
 * mixed case partitions were not able to authenticate properly.  This test case creates
 * a new partition under dc=aPache,dc=org, it then creates the example user in the JIRA
 * issue and attempts to authenticate as that user.
 *
 * @throws Exception if the user cannot authenticate or test fails
 *///w  ww.java 2  s  .  c  om
@Test
public void testUserAuthOnMixedCaseSuffix() throws Exception {
    getLdapServer().getDirectoryService().setAllowAnonymousAccess(true);

    Hashtable<String, Object> env = new Hashtable<String, Object>();

    env.put(Context.PROVIDER_URL, Network.ldapLoopbackUrl(getLdapServer().getPort()) + "/dc=aPache,dc=org");
    env.put("java.naming.ldap.version", "3");
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    InitialDirContext ctx = new InitialDirContext(env);
    Attributes attrs = ctx.getAttributes("");
    assertTrue(attrs.get("dc").get().equals("aPache"));

    Attributes user = new BasicAttributes("cn", "Kate Bush", true);
    Attribute oc = new BasicAttribute("objectClass");
    oc.add("top");
    oc.add("person");
    oc.add("organizationalPerson");
    oc.add("inetOrgPerson");
    user.put(oc);
    user.put("sn", "Bush");
    user.put("userPassword", "Aerial");
    ctx.createSubcontext("cn=Kate Bush", user);

    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_CREDENTIALS, "Aerial");
    env.put(Context.SECURITY_PRINCIPAL, "cn=Kate Bush,dc=aPache,dc=org");

    InitialDirContext userCtx = new InitialDirContext(env);
    assertNotNull(userCtx);

    ctx.destroySubcontext("cn=Kate Bush");
}