
1   /* 
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *     http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.security.spi.impl;
18  
19  import java.sql.Date;
20  import java.util.HashSet;
21  import java.util.Set;
22  
23  import javax.naming.NamingException;
24  
25  import org.apache.commons.lang.StringUtils;
26  import org.apache.commons.logging.Log;
27  import org.apache.commons.logging.LogFactory;
28  import org.apache.jetspeed.security.PasswordCredential;
29  import org.apache.jetspeed.security.SecurityException;
30  import org.apache.jetspeed.security.spi.CredentialHandler;
31  import org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDao;
32  import org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDaoImpl;
33  
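/**
 * LDAP-backed {@link CredentialHandler}. Every credential operation is delegated to a
 * {@link LdapUserCredentialDao}; this class only validates arguments and decides whether the
 * current password has to be verified before a change.
 *
 * <p>
 * The enable/disable, update-required and expiration operations are not implemented here and
 * return without doing anything, so callers must not treat a normal return from them as proof
 * that the requested state was applied.
 * </p>
 *
 * @see org.apache.jetspeed.security.spi.CredentialHandler
 *
 * @author <a href="mailto:mike.long@dataline.com">Mike Long</a>
 */
public class LdapCredentialHandler implements CredentialHandler
{
    /** The logger. */
    private static final Log LOG = LogFactory.getLog(LdapCredentialHandler.class);

    /** The {@link LdapUserCredentialDao}; assigned once in the constructor. */
    private final LdapUserCredentialDao ldap;

    /**
     * <p>
     * Default constructor. Builds the handler on a new {@link LdapUserCredentialDaoImpl}.
     * </p>
     *
     * @throws NamingException A {@link NamingException}.
     * @throws SecurityException A {@link SecurityException}.
     */
    public LdapCredentialHandler() throws NamingException, SecurityException
    {
        this(new LdapUserCredentialDaoImpl());
    }

    /**
     * <p>
     * Constructor given a {@link LdapUserCredentialDao}.
     * </p>
     *
     * @param ldap The {@link LdapUserCredentialDao}.
     * @throws NamingException A {@link NamingException}.
     * @throws SecurityException A {@link SecurityException}.
     */
    public LdapCredentialHandler(LdapUserCredentialDao ldap) throws NamingException, SecurityException
    {
        this.ldap = ldap;
    }

    /**
     * Always returns a new, empty set: this handler exposes no public credentials.
     *
     * @see org.apache.jetspeed.security.spi.CredentialHandler#getPublicCredentials(java.lang.String)
     */
    public Set getPublicCredentials(String username)
    {
        return new HashSet();
    }

    /**
     * Returns a set holding one password credential built from the value the DAO returns for
     * <code>uid</code>. If the lookup throws a {@link SecurityException}, the failure is logged
     * and an empty set is returned instead of propagating the error.
     *
     * @param uid The LDAP uid attribute.
     * @return A set with zero or one credential.
     * @see org.apache.jetspeed.security.spi.CredentialHandler#getPrivateCredentials(java.lang.String)
     */
    public Set getPrivateCredentials(String uid)
    {
        Set privateCredentials = new HashSet();

        try
        {
            // NOTE(review): the credential carries whatever ldap.getPassword returns; whether
            // that is a hash or a recoverable value is not visible here - confirm before
            // exposing the returned set beyond the authentication layer.
            privateCredentials.add(new DefaultPasswordCredentialImpl(uid, ldap.getPassword(uid)));
        }
        catch (SecurityException e)
        {
            logSecurityException(e, uid);
        }

        return privateCredentials;
    }

    /**
     * Logs a failed credential lookup at error level. Only the uid and the exception are
     * written; no password value is passed to the logger.
     *
     * @param e The failure raised by the DAO.
     * @param uid The uid the lookup was made for, logged as received.
     */
    private void logSecurityException(SecurityException e, String uid)
    {
        if (LOG.isErrorEnabled())
        {
            LOG.error("Failure creating a PasswordCredential for InternalCredential uid:" + uid, e);
        }
    }

    /**
     * Sets the password for <code>uid</code> directly through the DAO. Unlike
     * {@link #setPassword(String, String, String)}, this path neither validates its arguments
     * nor verifies the current password.
     *
     * @param uid The LDAP uid attribute.
     * @param newPassword The password to store.
     * @throws SecurityException If the DAO rejects the change.
     * @see org.apache.jetspeed.security.spi.CredentialHandler#importPassword(java.lang.String,java.lang.String)
     */
    public void importPassword(String uid, String newPassword) throws SecurityException
    {
        // NOTE(review): no proof of the current password is required here, so the caller has to
        // be authorized by other means - confirm every call site is an administrative path.
        ldap.changePassword(uid, newPassword);
    }

    /**
     * <p>
     * Adds or updates a private password credential. <br>
     * If <code>oldPassword</code> is neither null nor empty, it is first checked
     * (authenticated) and the change is refused when that check does not succeed. <br>
     * If <code>oldPassword</code> is null or empty, no check is made and the password is
     * changed unconditionally, so the caller is responsible for authorizing that case.
     * </p>
     *
     * @param uid The LDAP uid attribute.
     * @param oldPassword The current password, or null/empty to skip verification.
     * @param newPassword The new password.
     * @throws SecurityException when <code>uid</code> or <code>newPassword</code> is empty, when
     *             the lookup fails because the user does not exist, or when the non-empty
     *             <code>oldPassword</code> is not correct.
     */
    public void setPassword(String uid, String oldPassword, String newPassword) throws SecurityException
    {
        validate(uid, newPassword);

        // Fail closed: ldap.authenticate returns a boolean (authenticate() below relies on it),
        // so a "false" result must block the change just as a thrown SecurityException does.
        // Previously the return value was discarded and the change went ahead regardless.
        if (!StringUtils.isEmpty(oldPassword) && !ldap.authenticate(uid, oldPassword))
        {
            throw new SecurityException(SecurityException.INVALID_PASSWORD);
        }

        ldap.changePassword(uid, newPassword);
    }

    /**
     * Not implemented: returns without changing anything, so a password cannot be disabled
     * through this handler.
     *
     * @see org.apache.jetspeed.security.spi.CredentialHandler#setPasswordEnabled(java.lang.String,
     *      boolean)
     */
    public void setPasswordEnabled(String userName, boolean enabled) throws SecurityException
    {
        // TODO Implement this.
    }

    /**
     * Not implemented: returns without changing anything, so a forced password update cannot be
     * requested through this handler.
     *
     * @see org.apache.jetspeed.security.spi.CredentialHandler#setPasswordUpdateRequired(java.lang.String,
     *      boolean)
     */
    public void setPasswordUpdateRequired(String userName, boolean updateRequired) throws SecurityException
    {
        // TODO Implement this.
    }

    /**
     * Not implemented: returns without changing anything, so no expiration date is recorded by
     * this handler.
     *
     * @see org.apache.jetspeed.security.spi.CredentialHandler#setPasswordExpiration(java.lang.String, java.sql.Date)
     */
    public void setPasswordExpiration(String userName, Date expirationDate) throws SecurityException
    {
        // TODO Implement this
    }

    /**
     * Rejects empty arguments, then returns the DAO's verdict on the uid/password pair.
     *
     * @param uid The LDAP uid attribute.
     * @param password The password to check.
     * @return The result of {@link LdapUserCredentialDao#authenticate(String, String)}.
     * @throws SecurityException If an argument is empty or the DAO raises a failure.
     * @see org.apache.jetspeed.security.spi.CredentialHandler#authenticate(java.lang.String, java.lang.String)
     */
    public boolean authenticate(String uid, String password) throws SecurityException
    {
        validate(uid, password);

        return ldap.authenticate(uid, password);
    }

    /**
     * <p>
     * Validates that neither the password nor the uid is null or empty. The password is
     * checked first, so it is the parameter reported when both are missing.
     * </p>
     *
     * @param uid The uid.
     * @param password The password.
     * @throws SecurityException With an EMPTY_PARAMETER message naming the offending parameter.
     */
    private void validate(String uid, String password) throws SecurityException
    {
        if (StringUtils.isEmpty(password))
        {
            throw new SecurityException(SecurityException.EMPTY_PARAMETER.create("password"));
        }

        if (StringUtils.isEmpty(uid))
        {
            throw new SecurityException(SecurityException.EMPTY_PARAMETER.create("uid"));
        }
    }
}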