Example usage for javax.naming.ldap StartTlsRequest StartTlsRequest

List of usage examples for javax.naming.ldap StartTlsRequest StartTlsRequest

Introduction

This page collects example usages of the `javax.naming.ldap.StartTlsRequest` constructor, `StartTlsRequest()`. In both examples the request is sent on a context that was opened without any `SECURITY_*` property, so that JNDI does not bind — and thereby send the credentials in clear text — before the TLS upgrade has completed.

Prototype

public StartTlsRequest() 


Document

Constructs a StartTLS extended request.

Usage

From source file:org.lsc.jndi.JndiServices.java

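/**
 * Opens the JNDI LDAP context described by {@code connProps} and reads the
 * per-connection options (naming context, page size, sort key, recursive delete)
 * from the resulting environment.
 *
 * <p>When {@code TLS_CONFIGURATION} is {@code true} the context is opened without
 * any {@code SECURITY_*} property, upgraded with the StartTLS extended operation,
 * and only then are the credentials put back so that the bind never travels on
 * the clear-text socket. If the upgrade fails, the still-unencrypted context is
 * closed before the error propagates. Without TLS the context is opened exactly
 * as configured — on an {@code ldap://} URL that means the bind is sent in clear,
 * so that branch should only be used with {@code ldaps://} or on a trusted network.
 *
 * @throws NamingException if the context cannot be opened, the StartTLS extended
 *         operation is refused, or the provider URL does not parse
 * @throws IOException if the TLS handshake itself fails (untrusted certificate,
 *         host name mismatch, broken connection)
 */
private void initConnection() throws NamingException, IOException {
    // log new connection with its details
    logConnectingTo(connProps);

    /* should we negotiate TLS? */
    if (connProps.get(TLS_CONFIGURATION) != null && (Boolean) connProps.get(TLS_CONFIGURATION)) {
        /* if we're going to do TLS, we mustn't BIND before the STARTTLS operation
         * so we remove credentials from the properties to stop JNDI from binding */
        /* duplicate properties to avoid changing them (they are used as a cache key in getInstance()) */
        Properties localConnProps = new Properties();
        localConnProps.putAll(connProps);
        String jndiContextAuthentication = localConnProps.getProperty(Context.SECURITY_AUTHENTICATION);
        String jndiContextPrincipal = localConnProps.getProperty(Context.SECURITY_PRINCIPAL);
        String jndiContextCredentials = localConnProps.getProperty(Context.SECURITY_CREDENTIALS);
        localConnProps.remove(Context.SECURITY_AUTHENTICATION);
        localConnProps.remove(Context.SECURITY_PRINCIPAL);
        localConnProps.remove(Context.SECURITY_CREDENTIALS);

        /* open the connection; it is anonymous and unencrypted at this point */
        ctx = new InitialLdapContext(localConnProps, null);

        /* initiate the STARTTLS extended operation.
         * negotiate() with no arguments uses the default SSLSocketFactory, so the server certificate is
         * validated against the JVM trust store and the JDK implementation also checks it against the
         * host name — do not relax that with a permissive HostnameVerifier. On failure the clear-text
         * context is closed (not leaked) and the original error is rethrown. */
        try {
            tlsResponse = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tlsResponse.negotiate();
        } catch (IOException e) {
            abortStartTls(localConnProps, e);
            throw e;
        } catch (NamingException e) {
            abortStartTls(localConnProps, e);
            throw e;
        }

        /* now we add the credentials back to the context, to BIND once TLS is started.
         * JNDI performs the bind itself with these properties; exactly when it is sent is up to the
         * provider, so call ctx.reconnect(null) after this if an immediate bind failure is wanted. */
        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, jndiContextAuthentication);
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, jndiContextPrincipal);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, jndiContextCredentials);

    } else {
        /* don't start TLS, just connect normally (this can be on ldap:// or ldaps://);
         * on ldap:// the credentials in connProps are sent in clear text */
        ctx = new InitialLdapContext(connProps, null);
    }

    /* get LDAP naming context */
    try {
        namingContext = new LdapUrl((String) ctx.getEnvironment().get(Context.PROVIDER_URL));
    } catch (LdapURLEncodingException e) {
        LOGGER.error(e.toString());
        LOGGER.debug(e.toString(), e);
        throw new NamingException(e.getMessage());
    }

    /* handle options */
    // the base DN is taken from the URL path; null when the URL has none
    contextDn = namingContext.getDn();

    // a non-numeric value is a configuration error and surfaces as NumberFormatException
    String pageSizeStr = (String) ctx.getEnvironment().get("java.naming.ldap.pageSize");
    if (pageSizeStr != null) {
        pageSize = Integer.parseInt(pageSizeStr);
    } else {
        pageSize = -1;
    }

    sortedBy = (String) ctx.getEnvironment().get("java.naming.ldap.sortedBy");

    // Boolean.parseBoolean: anything other than "true" (case-insensitive) disables recursive delete
    String recursiveDeleteStr = (String) ctx.getEnvironment().get("java.naming.recursivedelete");
    if (recursiveDeleteStr != null) {
        recursiveDelete = Boolean.parseBoolean(recursiveDeleteStr);
    } else {
        recursiveDelete = false;
    }

    /* Load SyncRepl response control */
    LdapApiService ldapApiService = LdapApiServiceFactory.getSingleton();
    ControlFactory<?> factory = new SyncStateValueFactory(ldapApiService);
    ldapApiService.registerControl(factory);
    /* Load Persistent Search response control */
    factory = new PersistentSearchFactory(ldapApiService);
    ldapApiService.registerControl(factory);
}

/**
 * Logs a failed StartTLS upgrade and closes the clear-text context held in {@code ctx}
 * so the connection is not leaked. The caller rethrows {@code cause}; a failure to
 * close is therefore only logged at debug level so it does not mask the real error.
 *
 * @param props the properties the context was opened with (for the provider URL in the log line)
 * @param cause the exception that aborted the upgrade
 */
private void abortStartTls(Properties props, Exception cause) {
    LOGGER.error("Error starting TLS encryption on connection to {}", props.getProperty(Context.PROVIDER_URL));
    LOGGER.debug(cause.toString(), cause);
    try {
        ctx.close();
    } catch (NamingException closeError) {
        LOGGER.debug(closeError.toString(), closeError);
    }
}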

From source file:org.sonar.plugins.ldap.LdapContextFactory.java

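/**
 * Opens an {@link InitialLdapContext} authenticated as {@code principal}.
 *
 * <p>With {@code startTLS} enabled the context is first opened without any
 * {@code SECURITY_*} property — so JNDI does not bind on the clear-text socket —
 * then upgraded with the StartTLS extended operation, and only afterwards are the
 * credentials set and the bind forced with {@link InitialLdapContext#reconnect}.
 * If any step after the socket is opened fails, the half-initialised context is
 * closed before the error propagates so no clear-text connection is leaked.
 * Pooling is not used on this path because "Stop TLS" is never performed.
 * Without {@code startTLS} the context is built from {@code getEnvironment}, which
 * is responsible for carrying the credentials (use an {@code ldaps://} URL there if
 * the bind must not travel in clear).
 *
 * @param principal   the identity to bind as (presumably a DN or login; its form is
 *                    dictated by the configured {@code authentication} mechanism)
 * @param credentials the bind password
 * @param pooling     whether JNDI connection pooling may be used; honoured only on
 *                    the non-TLS path
 * @return an authenticated context
 * @throws NamingException if the context cannot be opened, the StartTLS upgrade fails
 *         (the underlying {@link IOException} is attached as the cause) or the bind
 *         is rejected
 */
private InitialDirContext createInitialDirContext(String principal, String credentials, boolean pooling)
        throws NamingException {
    if (!startTLS) {
        return new InitialLdapContext(getEnvironment(principal, credentials, pooling), null);
    }

    // Note that pooling is not enabled for such connections, because "Stop TLS" is not performed.
    Properties env = new Properties();
    env.put(Context.INITIAL_CONTEXT_FACTORY, factory);
    env.put(Context.PROVIDER_URL, providerUrl);
    env.put(Context.REFERRAL, DEFAULT_REFERRAL);
    // env deliberately carries no SECURITY_AUTHENTICATION / SECURITY_PRINCIPAL / SECURITY_CREDENTIALS:
    // their presence would make JNDI bind — and send the password in clear — before StartTLS.
    final InitialLdapContext ctx = new InitialLdapContext(env, null);
    try {
        // http://docs.oracle.com/javase/jndi/tutorial/ldap/ext/starttls.html
        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        try {
            // Default SSLSocketFactory: the certificate is checked against the JVM trust store and, by
            // the JDK implementation, against the host name. Do not install a permissive HostnameVerifier.
            tls.negotiate();
        } catch (IOException e) {
            NamingException ex = new NamingException("StartTLS failed");
            ex.initCause(e);
            throw ex;
        }
        // Explicitly initiate "bind" operation, now that the socket is encrypted:
        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, authentication);
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials);
        ctx.reconnect(null);
    } catch (NamingException e) {
        // do not leak the open (possibly still clear-text) connection; the original error is what the caller needs
        try {
            ctx.close();
        } catch (NamingException ignored) {
            // closing a broken context can itself fail; the StartTLS/bind error above is the one to report
        }
        throw e;
    }
    return ctx;
}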