List of usage examples for javax.naming.ldap InitialLdapContext InitialLdapContext
@SuppressWarnings("unchecked") public InitialLdapContext(Hashtable<?, ?> environment, Control[] connCtls) throws NamingException
From source file:net.identio.server.service.authentication.ldap.LdapConnectionFactory.java
private InitialLdapContext createContext(LdapAuthMethod ldapAuthMethod, String userDn, String password) throws NamingException { LOG.debug("Begin creation of an LDAP connection to: {}", ldapAuthMethod.getName()); int currentUrlIndexTs = currentUrlIndex; String currentUrl = ldapAuthMethod.getLdapUrl().get(currentUrlIndexTs); Hashtable<String, String> env = new Hashtable<>(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, currentUrl); if (currentUrl.startsWith("ldaps://")) { // Add a custom SSL Socket factory to validate server CA env.put("java.naming.ldap.factory.socket", "net.identio.server.service.authentication.ldap.LdapSslSocketFactory"); }/* w w w . j av a 2 s .co m*/ if (userDn != null) { env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.SECURITY_PRINCIPAL, userDn); env.put(Context.SECURITY_CREDENTIALS, password); } InitialLdapContext ctx; try { ctx = new InitialLdapContext(env, null); } catch (CommunicationException e) { LOG.error("Error when contacting LDAP server {}", ldapAuthMethod.getLdapUrl().get(currentUrlIndexTs)); if (ldapAuthMethod.getLdapUrl().size() > 1) { int newCurrentUrlIndex = currentUrlIndexTs < ldapAuthMethod.getLdapUrl().size() - 1 ? currentUrlIndexTs + 1 : 0; LOG.error("Switching to LDAP server {}", ldapAuthMethod.getLdapUrl().get(newCurrentUrlIndex)); currentUrlIndex = newCurrentUrlIndex; env.put(Context.PROVIDER_URL, ldapAuthMethod.getLdapUrl().get(newCurrentUrlIndex)); ctx = new InitialLdapContext(env, null); } else { throw e; } } return ctx; }
From source file:com.dianping.cat.system.page.login.service.SessionManager.java
public SessionManager() { super();/*from w w w . ja v a 2 s . c o m*/ AuthType type = AuthType.valueOf(CatPropertyProvider.INST.getProperty("CAT_AUTH_TYPE", "ADMIN_PWD")); switch (type) { case NOP: tokenCreator = new Function<Credential, Token>() { @Override public Token apply(Credential credential) { String account = credential.getAccount(); return new Token(account, account); } }; break; case LDAP: final String ldapUrl = CatPropertyProvider.INST.getProperty("CAT_LDAP_URL", null); if (StringUtils.isBlank(ldapUrl)) { throw new IllegalArgumentException("required CAT_LDAP_URL"); } final String userDnTpl = CatPropertyProvider.INST.getProperty("CAT_LDAP_USER_DN_TPL", null); if (StringUtils.isBlank(userDnTpl)) { throw new IllegalArgumentException("required CAT_LDAP_USER_DN_TPL"); } final String userDisplayAttr = CatPropertyProvider.INST.getProperty("CAT_LDAP_USER_DISPLAY_ATTR", null); final Pattern pattern = Pattern.compile("\\{0}"); final Matcher userDnTplMatcher = pattern.matcher(userDnTpl); final String[] attrs = userDisplayAttr == null ? null : new String[] { userDisplayAttr }; tokenCreator = new Function<Credential, Token>() { @Override public Token apply(Credential credential) { final String account = credential.getAccount(); final String pwd = credential.getPassword(); if (StringUtils.isEmpty(account) || StringUtils.isEmpty(pwd)) { return null; } Hashtable<String, String> env = new Hashtable<String, String>(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, ldapUrl);// LDAP server String userDn = userDnTplMatcher.replaceAll(account); env.put(Context.SECURITY_PRINCIPAL, pwd); env.put(Context.SECURITY_CREDENTIALS, pwd); try { InitialLdapContext context = new InitialLdapContext(env, null); final String baseDn = context.getNameInNamespace(); if (userDn.endsWith(baseDn)) { userDn = userDn.substring(0, userDn.length() - baseDn.length() - 1); } String displayName = null; if (attrs != null) { final Attributes attributes = context.getAttributes(userDn, attrs); if (attributes.size() > 0) { displayName = attributes.getAll().next().get().toString(); } } return new Token(account, displayName == null ? account : displayName); } catch (Exception e) { Cat.logError(e); return null; } } }; break; case ADMIN_PWD: final String p = CatPropertyProvider.INST.getProperty("CAT_ADMIN_PWD", "admin"); tokenCreator = new Function<Credential, Token>() { @Override public Token apply(Credential credential) { String account = credential.getAccount(); if ("admin".equals(account) && p.equals(credential.getPassword())) { return new Token(account, account); } return null; } }; break; } }
From source file:gda.jython.authenticator.LdapAuthenticator.java
private boolean checkAuthenticatedUsingServer(String ldapURL, String fedId, String password) throws NamingException { InitialLdapContext ctx = null; try {/*from w w w.j a va 2s .c o m*/ Hashtable<String, String> env = new Hashtable<String, String>(); String principal = "CN=" + fedId + adminName; env.put(Context.INITIAL_CONTEXT_FACTORY, ldapContext); env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.SECURITY_PRINCIPAL, principal); env.put(Context.SECURITY_CREDENTIALS, password); env.put(Context.PROVIDER_URL, ldapURL); ctx = new InitialLdapContext(env, null); //if no exception then password is OK return true; } catch (AuthenticationException ae) { logger.error("LDAP AuthenticationException: " + StringEscapeUtils.escapeJava(ae.getMessage())); } finally { if (ctx != null) { try { ctx.close(); } catch (NamingException e) { } } } return false; }
From source file:alpine.auth.LdapConnectionWrapper.java
/** * Asserts a users credentials. Returns an LdapContext if assertion is successful * or an exception for any other reason. * * @param userDn the users DN to assert/*from w w w . j a v a 2 s .c o m*/ * @param password the password to assert * @return the LdapContext upon a successful connection * @throws NamingException when unable to establish a connection * @since 1.4.0 */ public LdapContext createLdapContext(String userDn, String password) throws NamingException { if (StringUtils.isEmpty(userDn) || StringUtils.isEmpty(password)) { throw new NamingException("Username or password cannot be empty or null"); } final Hashtable<String, String> env = new Hashtable<>(); if (StringUtils.isNotBlank(LDAP_SECURITY_AUTH)) { env.put(Context.SECURITY_AUTHENTICATION, LDAP_SECURITY_AUTH); } env.put(Context.SECURITY_PRINCIPAL, userDn); env.put(Context.SECURITY_CREDENTIALS, password); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, LDAP_URL); if (IS_LDAP_SSLTLS) { env.put("java.naming.ldap.factory.socket", "alpine.crypto.RelaxedSSLSocketFactory"); } try { return new InitialLdapContext(env, null); } catch (CommunicationException e) { LOGGER.error("Failed to connect to directory server", e); throw (e); } catch (NamingException e) { throw new NamingException("Failed to authenticate user"); } }
From source file:org.picketlink.idm.performance.TestBase.java
public LdapContext getLdapContext() throws Exception { Hashtable<String, String> env = new Hashtable<String, String>(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, LDAP_PROVIDER_URL); env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.SECURITY_PRINCIPAL, LDAP_PRINCIPAL); env.put(Context.SECURITY_CREDENTIALS, LDAP_CREDENTIALS); return new InitialLdapContext(env, null); }
From source file:de.sub.goobi.helper.ldap.Ldap.java
/** * Check if connection with login and password possible. * * @param inBenutzer// w w w . j a va 2 s .c om * User object * @param inPasswort * String * @return Login correct or not */ public boolean isUserPasswordCorrect(User inBenutzer, String inPasswort) { logger.debug("start login session with ldap"); Hashtable<String, String> env = getLdapConnectionSettings(); // Start TLS if (ConfigCore.getBooleanParameter("ldap_useTLS", false)) { logger.debug("use TLS for auth"); env = new Hashtable<>(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, ConfigCore.getParameter("ldap_url")); env.put("java.naming.ldap.version", "3"); LdapContext ctx = null; StartTlsResponse tls = null; try { ctx = new InitialLdapContext(env, null); // Authentication must be performed over a secure channel tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest()); tls.negotiate(); // Authenticate via SASL EXTERNAL mechanism using client X.509 // certificate contained in JVM keystore ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple"); ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, getUserDN(inBenutzer)); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, inPasswort); ctx.reconnect(null); return true; // Perform search for privileged attributes under authenticated // context } catch (IOException e) { logger.error("TLS negotiation error:", e); return false; } catch (NamingException e) { logger.error("JNDI error:", e); return false; } finally { if (tls != null) { try { // Tear down TLS connection tls.close(); } catch (IOException e) { logger.error(e); } } if (ctx != null) { try { // Close LDAP connection ctx.close(); } catch (NamingException e) { logger.error(e); } } } } else { logger.debug("don't use TLS for auth"); if (ConfigCore.getBooleanParameter("useSimpleAuthentification", false)) { env.put(Context.SECURITY_AUTHENTICATION, "none"); // TODO auf passwort testen } else { env.put(Context.SECURITY_PRINCIPAL, getUserDN(inBenutzer)); env.put(Context.SECURITY_CREDENTIALS, inPasswort); } logger.debug("ldap environment set"); try { if (logger.isDebugEnabled()) { logger.debug("start classic ldap authentification"); logger.debug("user DN is " + getUserDN(inBenutzer)); } if (ConfigCore.getParameter("ldap_AttributeToTest") == null) { logger.debug("ldap attribute to test is null"); DirContext ctx = new InitialDirContext(env); ctx.close(); return true; } else { logger.debug("ldap attribute to test is not null"); DirContext ctx = new InitialDirContext(env); Attributes attrs = ctx.getAttributes(getUserDN(inBenutzer)); Attribute la = attrs.get(ConfigCore.getParameter("ldap_AttributeToTest")); logger.debug("ldap attributes set"); String test = (String) la.get(0); if (test.equals(ConfigCore.getParameter("ldap_ValueOfAttribute"))) { logger.debug("ldap ok"); ctx.close(); return true; } else { logger.debug("ldap not ok"); ctx.close(); return false; } } } catch (NamingException e) { if (logger.isDebugEnabled()) { logger.debug("login not allowed for " + inBenutzer.getLogin(), e); } return false; } } }
From source file:info.jtrac.acegi.JtracLdapAuthenticationProvider.java
/** * displayName and mail are returned always, the map allows us to support * getting arbitrary properties in the future, hopefully *//*from w w w . ja v a2 s . c o m*/ public Map<String, String> bind(String loginName, String password) throws Exception { Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, ldapUrl); env.put(Context.SECURITY_AUTHENTICATION, "simple"); LdapContext ctx = null; if (activeDirectoryDomain != null) { // we are using Active Directory Control[] controls = new Control[] { control }; ctx = new InitialLdapContext(env, controls); logger.debug("Active Directory LDAP context initialized"); ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, activeDirectoryDomain + "\\" + loginName); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password); // javax.naming.AuthenticationException ctx.reconnect(controls); logger.debug("Active Directory LDAP bind successful"); } else { // standard LDAP env.put(Context.SECURITY_PRINCIPAL, searchKey + "=" + loginName + "," + searchBase); env.put(Context.SECURITY_CREDENTIALS, password); ctx = new InitialLdapContext(env, null); logger.debug("Standard LDAP bind successful"); } SearchControls sc = new SearchControls(); sc.setSearchScope(SearchControls.SUBTREE_SCOPE); sc.setReturningAttributes(returningAttributes); NamingEnumeration results = ctx.search(searchBase, searchKey + "=" + loginName, sc); while (results.hasMoreElements()) { SearchResult sr = (SearchResult) results.next(); Attributes attrs = sr.getAttributes(); logger.debug("attributes: " + attrs); Map<String, String> map = new HashMap<String, String>(returningAttributes.length); for (String key : returningAttributes) { Attribute attr = attrs.get(key); if (attr != null) { map.put(key, (String) attr.get()); } } return map; // there should be only one anyway } // if we reached here, there was no search result throw new Exception("no results returned from ldap"); }
From source file:com.wfp.utils.LDAPUtils.java
/** * Overloaded method for getting the LDAP COntext based on the host,username, password * @param host/*from w w w . j a v a 2 s . c o m*/ * @param adminName * @param adminPassword * @return * @throws NamingException */ @SuppressWarnings("unchecked") public static LdapContext getLDAPContext(String host, String adminName, String adminPassword) throws NamingException { //Logger.info("Creating LDAP Context", LDAPUtils.class); Hashtable props = System.getProperties(); props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); props.put(Context.SECURITY_AUTHENTICATION, LDAP_SECURITY_AUTHENTICATION); props.put(Context.SECURITY_PRINCIPAL, adminName); props.put(Context.SECURITY_CREDENTIALS, adminPassword); props.put(Context.PROVIDER_URL, host); if (!StringUtils.isNull(LDAPConfigUtils.getTrustStorePath())) { System.setProperty("javax.net.ssl.trustStore", LDAPConfigUtils.getTrustStorePath()); props.put(Context.SECURITY_PROTOCOL, "ssl"); } //Logger.info("Completed creating LDAP Context for host ["+host+"]", LDAPUtils.class); return (new InitialLdapContext(props, null)); }
From source file:com.communote.server.test.ldap.AbstractApacheDSServer.java
/** * Common code to get an initial context via a simple bind to the server over the wire using the * SUN JNDI LDAP provider. Do not use this method until after the setUp() method is called to * start the server otherwise it will fail. * * @param bindPrincipalDn/*from w w w. j ava2s. co m*/ * the DN of the principal to bind as * @param password * the password of the bind principal * @return an LDAP context as the the administrator to the rootDSE * @throws Exception * if the server cannot be contacted */ protected LdapContext getWiredContext(String bindPrincipalDn, String password) throws Exception { // if ( ! apacheDS.isStarted() ) // { // throw new ConfigurationException( "The server is not online! Cannot connect to it." ); // } Hashtable<String, String> env = new Hashtable<String, String>(); env.put(Context.INITIAL_CONTEXT_FACTORY, CTX_FACTORY); env.put(Context.PROVIDER_URL, "ldap://localhost:" + getPort()); env.put(Context.SECURITY_PRINCIPAL, bindPrincipalDn); env.put(Context.SECURITY_CREDENTIALS, password); env.put(Context.SECURITY_AUTHENTICATION, "simple"); return new InitialLdapContext(env, null); }
From source file:com.nridge.core.app.ldap.ADQuery.java
/** * Opens a connection to Active Directory by establishing an initial LDAP * context. The security principal and credentials are assigned the * account name and password parameters. * * @param anAcountDN Active Directory account name (DN format). * @param anAccountPassword Active Directory account password. * * @throws NSException Thrown if an LDAP naming exception is occurs. *//* w w w . j av a 2 s.c om*/ @SuppressWarnings("unchecked") public void open(String anAcountDN, String anAccountPassword) throws NSException { Logger appLogger = mAppMgr.getLogger(this, "open"); appLogger.trace(mAppMgr.LOGMSG_TRACE_ENTER); // LDAP Reference - http://docs.oracle.com/javase/1.5.0/docs/guide/jndi/jndi-ldap-gl.html Hashtable<String, String> environmentalVariables = new Hashtable<String, String>(); environmentalVariables.put("com.sun.jndi.ldap.connect.pool", StrUtl.STRING_TRUE); environmentalVariables.put(Context.PROVIDER_URL, getPropertyValue("domain_url", null)); environmentalVariables.put("java.naming.ldap.attributes.binary", "tokenGroups objectSid"); environmentalVariables.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); environmentalVariables.put(Context.SECURITY_PRINCIPAL, anAcountDN); environmentalVariables.put(Context.SECURITY_CREDENTIALS, anAccountPassword); // Referral options: follow, throw, ignore (default) environmentalVariables.put(Context.REFERRAL, getPropertyValue("referral_handling", "ignore")); // Authentication options: simple, DIGEST-MD5 CRAM-MD5 environmentalVariables.put(Context.SECURITY_AUTHENTICATION, getPropertyValue("authentication", "simple")); try { mLdapContext = new InitialLdapContext(environmentalVariables, null); } catch (NamingException e) { String msgStr = String.format("LDAP Context Error: %s", e.getMessage()); appLogger.error(msgStr, e); throw new NSException(msgStr); } appLogger.trace(mAppMgr.LOGMSG_TRACE_DEPART); }