
1   /**
2    * Originally contributed by eMation (www.emation.pt)
3    */
4   package org.itracker.services.authentication.adsson;
5   
6   import java.io.IOException;
7   import java.io.InputStream;
8   import java.security.AccessControlException;
9   import java.util.Properties;
10  
11  import javax.security.auth.Subject;
12  import javax.security.auth.login.LoginContext;
13  import javax.security.auth.login.LoginException;
14  
15  import org.apache.log4j.Logger;
16  
17  /**
18   * Performs a Kerberos-authenticated search in AD
19   *
20   * @author ricardo
21   */
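public class ADIntegration {

    private static final String AD_AUTH_PROPERTIES_FILE = "adauth.properties";
    /** Property key of the service-account password; its value must never be logged. */
    private static final String PASSWORD = "password";
    private static final String USERNAME = "username";
    private static final String BASE_BRANCH = "basebranch";
    private static final String PROVIDER_URL = "url";
    /** Name of the JAAS login configuration entry (expected in login-config.xml). */
    private static final String LOGIN_CONTEXT_NAME = "Helpdesk";

    private final Logger logger;
    private final Properties adAuth;
    /** Set by {@link #login()} only after the Kerberos login succeeded; {@code null} before that. */
    private LoginContext lc = null;

    /**
     * Loads the A.D. connection settings from {@value #AD_AUTH_PROPERTIES_FILE},
     * which must sit at the root of the classpath (or EAR).
     *
     * @throws IOException if the properties file is missing or cannot be read
     */
    public ADIntegration() throws IOException {
        this.logger = Logger.getLogger(getClass());
        this.adAuth = new Properties();
        InputStream is = getClass().getResourceAsStream("/" + AD_AUTH_PROPERTIES_FILE);
        if (is == null) {
            String message = "Can't find " + AD_AUTH_PROPERTIES_FILE
                    + " to get A.D. auth properties. This file should be in the root of your classpath or EAR file";
            logger.error(message);
            throw new IOException(message);
        }
        try {
            adAuth.load(is);
        } finally {
            // Release the resource stream even when load() fails.
            is.close();
        }
    }

    /**
     * Authenticates the configured service account against Kerberos through the
     * {@value #LOGIN_CONTEXT_NAME} JAAS entry. The login context is only kept when
     * the login succeeded, so {@link #getUserInfo(String)} never runs with a
     * half-initialised context.
     *
     * @throws LoginException if the credentials are missing from the properties
     *                        file or the JAAS login fails
     */
    public void login() throws LoginException {
        LoginContext context;
        try {
            String username = getUsername();
            String password = getPassword();
            if (username == null || password == null) {
                // Report only which keys are required, never their values.
                throw new LoginException("Missing '" + USERNAME + "' or '" + PASSWORD
                        + "' in " + AD_AUTH_PROPERTIES_FILE);
            }
            context = new LoginContext(LOGIN_CONTEXT_NAME, new SimpleCallbackHandler(username, password));
        } catch (IOException e) {
            // LoginException has no (message, cause) constructor; keep the cause via initCause.
            LoginException le = new LoginException(e.getMessage());
            le.initCause(e);
            throw le;
        }
        context.login();
        lc = context;
    }

    /**
     * Looks up {@code login} in A.D. as the subject authenticated by {@link #login()}.
     *
     * @param login the account name to look up
     * @return the user model produced by {@code GetUserModelFromADPrivilegedAction}
     * @throws IllegalStateException if {@link #login()} has not succeeded yet
     * @throws AccessControlException if A.D. returned no information for {@code login}
     */
    public Object getUserInfo(String login) throws AccessControlException {
        if (lc == null) {
            throw new IllegalStateException("login() must succeed before getUserInfo()");
        }
        // Perform the JNDI work as the logged-in subject.
        Object userInfo = Subject.doAs(lc.getSubject(),
                new GetUserModelFromADPrivilegedAction(login, getBaseBranch(), getProviderUrl()));

        if (userInfo == null) {
            String message = "Can't get info on " + login + " from A.D.";
            logger.error(message);
            throw new AccessControlException(message);
        }

        return userInfo;
    }

    /** @return the LDAP provider URL from the properties file, or {@code null} if unset */
    private String getProviderUrl() {
        return adAuth.getProperty(PROVIDER_URL);
    }

    /**
     * @return the service-account password, or {@code null} if unset
     * @throws IOException declared for compatibility with the handling in {@link #login()}
     */
    private String getPassword() throws IOException {
        return adAuth.getProperty(PASSWORD);
    }

    /**
     * @return the service-account user name, or {@code null} if unset
     * @throws IOException declared for compatibility with the handling in {@link #login()}
     */
    private String getUsername() throws IOException {
        return adAuth.getProperty(USERNAME);
    }

    /** @return the search base DN from the properties file, or {@code null} if unset */
    private String getBaseBranch() {
        return adAuth.getProperty(BASE_BRANCH);
    }
}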