
1   /*
2    * Copyright 2000-2001,2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.apache.jetspeed.services.security.ldap;
18  
19  import javax.naming.directory.BasicAttributes;
20  import javax.servlet.ServletConfig;
21  import org.apache.jetspeed.om.security.JetspeedUser;
22  import org.apache.jetspeed.om.security.UserNamePrincipal;
23  import org.apache.jetspeed.services.JetspeedSecurity;
24  import org.apache.jetspeed.services.JetspeedUserManagement;
25  import org.apache.jetspeed.services.rundata.JetspeedRunData;
26  import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
27  import org.apache.jetspeed.services.security.FailedLoginException;
28  import org.apache.jetspeed.services.security.JetspeedSecurityCache;
29  import org.apache.jetspeed.services.security.JetspeedSecurityException;
30  import org.apache.jetspeed.services.security.JetspeedSecurityService;
31  import org.apache.jetspeed.services.security.LoginException;
32  import org.apache.jetspeed.services.security.PortalAuthentication;
33  import org.apache.jetspeed.services.security.UnknownUserException;
34  import org.apache.turbine.services.InitializationException;
35  import org.apache.turbine.services.TurbineBaseService;
36  import org.apache.turbine.services.TurbineServices;
37  import org.apache.turbine.services.resources.ResourceService;
38  import org.apache.turbine.services.rundata.RunDataService;
39  
40  /***
41   *
42   * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
43   * @author <a href="mailto:sami.leino@netorek.fi">Sami Leino</a>
44   *
45   * @version $Id: LDAPAuthentication.java,v 1.8 2004/02/23 03:52:33 jford Exp $ 
46   * 
47   */
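public class LDAPAuthentication extends TurbineBaseService
                                implements PortalAuthentication
{
    // Configuration keys, read from the JetspeedSecurityService resources in init().
    private static final String CONFIG_ANONYMOUS_USER = "user.anonymous";
    private static final String CACHING_ENABLE        = "caching.enable";

    /**
     * Message used for every credential failure. Reporting an unknown user
     * differently from a wrong password would let a caller enumerate valid
     * account names, so both cases share this text.
     */
    private static final String CREDENTIAL_FAILURE = "Credential authentication failure";

    // Instance variables. The defaults below apply until init() overrides
    // them from the service configuration.
    private JetspeedRunDataService runDataService = null;
    private String anonymousUser                  = "anon";
    private boolean cachingEnable                 = true;

    /***
     * Given a public credential (username) and private credential (password),
     * perform authentication. If authentication succeeds, a <code>JetspeedUser</code>
     * is returned representing the authenticated subject and is stored in the
     * current run data as the logged-in user.
     *
     * @param username a public credential of the subject to be authenticated.
     * @param password a private credential of the subject to be authenticated.
     * @return a <code>JetspeedUser</code> object representing the authenticated subject.
     * @exception LoginException when the anonymous user name is supplied, on a
     *            general security provider failure, or when the post-login
     *            bookkeeping (last-login update, context, cache) fails.
     * @exception FailedLoginException when the credentials are missing, the user
     *            is unknown, or the password does not match.
     */
    public JetspeedUser login(String username, String password)
        throws LoginException
    {
        // Reject missing credentials up front. Without this, a null username
        // surfaces as a NullPointerException from equals() below rather than
        // as a LoginException the caller is prepared to handle.
        if (username == null || password == null)
        {
            throw new FailedLoginException(CREDENTIAL_FAILURE);
        }

        if (username.equals(this.anonymousUser))
        {
            throw new LoginException("Anonymous user cannot login");
        }

        username = JetspeedSecurity.convertUserName(username);
        password = JetspeedSecurity.convertPassword(password);

        JetspeedUser user;
        try
        {
            user = JetspeedUserManagement.getUser(new UserNamePrincipal(username));
        }
        catch (UnknownUserException e)
        {
            // Deliberately the same message as a password mismatch (see
            // CREDENTIAL_FAILURE); the exception text is not forwarded because
            // it may name the account that does not exist.
            throw new FailedLoginException(CREDENTIAL_FAILURE);
        }
        catch (JetspeedSecurityException e)
        {
            // Keep the cause attached instead of flattening it into the message.
            throw new LoginException("Failed to look up user", e);
        }

        if (!LDAPUserManagement.passwordsMatch(user, password))
        {
            throw new FailedLoginException(CREDENTIAL_FAILURE);
        }

        // Mark the user as being logged in.
        user.setHasLoggedIn(Boolean.TRUE);

        // Store the clear-text password in the session because some portlets
        // need it (for example for single-signon functionality).
        // NOTE: from here on the session holds a reusable secret; session
        // storage, serialization and logging must treat it as such.
        user.setTemp("sessionPassword", password);

        // Set the last_login date in the database, publish the user to the
        // current request and warm the security cache. Any failure here
        // reverts the context to the anonymous user so a half-initialised
        // session is never left behind.
        try
        {
            user.updateLastLogin();
            putUserIntoContext(user);

            if (cachingEnable)
            {
                JetspeedSecurityCache.load(username);
            }
        }
        catch (Exception e)
        {
            putUserIntoContext(JetspeedSecurity.getAnonymousUser());
            throw new LoginException("Failed to update last login ", e);
        }

        return user;
    }

    /***
     * Automatically authenticates and retrieves the portal anonymous user,
     * stores it in the current run data and, when caching is enabled, loads
     * its security cache entry.
     *
     * @return a <code>JetspeedUser</code> object representing the anonymous subject.
     * @exception LoginException if the anonymous user cannot be retrieved.
     */
    public JetspeedUser getAnonymousUser()
        throws LoginException
    {
        JetspeedUser user;

        try
        {
            user = JetspeedUserManagement.getUser(new UserNamePrincipal(anonymousUser));
            user.setHasLoggedIn(Boolean.FALSE);
            putUserIntoContext(user);

            if (cachingEnable)
            {
                JetspeedSecurityCache.load(user.getUserName());
            }
        }
        catch (JetspeedSecurityException e)
        {
            // Keep the cause attached instead of flattening it into the message.
            throw new LoginException("Failed to get anonymous user", e);
        }
        return user;
    }

    /***
     * Logout the <code>JetspeedUser</code>.
     *
     * Logout is implemented by replacing the user in the current run data
     * with the anonymous user. The security cache entry of the outgoing user
     * is not unloaded here (that call is disabled in this implementation).
     *
     * @exception LoginException if the logout fails.
     */
    public void logout()
        throws LoginException
    {
        try
        {
            getAnonymousUser();
        }
        catch (Exception e)
        {
            throw new LoginException("Exception logging user out ", e);
        }
    }

    /***
     * This is the early initialization method called by the
     * Turbine <code>Service</code> framework. It reads the anonymous user
     * name and the caching switch from the JetspeedSecurityService
     * configuration and looks up the run data service.
     *
     * @param conf The <code>ServletConfig</code>
     * @exception InitializationException if the service fails to initialize
     */
    public synchronized void init(ServletConfig conf)
        throws InitializationException
    {
        // Idempotent: a second call is a no-op.
        if (getInit())
        {
            return;
        }
        super.init(conf);

        // get configuration parameters from Jetspeed Resources
        ResourceService serviceConf = ((TurbineServices) TurbineServices.getInstance())
                                          .getResources(JetspeedSecurityService.SERVICE_NAME);

        anonymousUser = serviceConf.getString(CONFIG_ANONYMOUS_USER, anonymousUser);
        cachingEnable = serviceConf.getBoolean(CACHING_ENABLE, cachingEnable);

        this.runDataService =
            (JetspeedRunDataService) TurbineServices.getInstance()
                .getService(RunDataService.SERVICE_NAME);

        setInit(true);
    }

    ////////////////////////////////////////////////////////////////////////////

    /**
     * Returns the run data of the current request, or <code>null</code> when
     * the run data service was not resolved in init().
     */
    protected JetspeedRunData getRunData()
    {
        if (this.runDataService == null)
        {
            return null;
        }
        return this.runDataService.getCurrentRunData();
    }

    /**
     * Returns the user stored in the current run data, or <code>null</code>
     * when there is no current run data.
     */
    protected JetspeedUser getUserFromContext()
    {
        JetspeedRunData rundata = getRunData();
        if (rundata == null)
        {
            return null;
        }
        return (JetspeedUser) rundata.getUser();
    }

    /**
     * Stores the given user in the current run data and saves it.
     *
     * @param user the user to publish to the current request.
     * @return the run data that was updated, or <code>null</code> when there
     *         is no current run data (in which case nothing is stored).
     */
    protected JetspeedRunData putUserIntoContext(JetspeedUser user)
    {
        JetspeedRunData rundata = getRunData();
        if (rundata != null)
        {
            rundata.setUser(user);
            rundata.save();
        }
        return rundata;
    }

}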