diff --git a/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/InitialDirContextFactoryBean.java b/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/InitialDirContextFactoryBean.java deleted file mode 100644 index 33a00a609c..0000000000 --- a/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/InitialDirContextFactoryBean.java +++ /dev/null @@ -1,222 +0,0 @@ -package org.acegisecurity.providers.dao.ldap; - -import java.util.Hashtable; -import java.util.Map; - -import javax.naming.AuthenticationException; -import javax.naming.Context; -import javax.naming.NamingException; -import javax.naming.directory.InitialDirContext; -import org.springframework.dao.DataAccessResourceFailureException; - -/** - * Convient base class and/or bean which can be used to create DirContext objects. - * Many user's will only need to set to Url property. - * - *
- * Eample:
- *
- *
- *
- *
- *
- *
Example:
- * ldap://dir.mycompany.com:389/dc=mycompany,dc=com
- * (port 389 is the standard LDAP port).
- *
- * If this property is not set, then the default behavor is - * to connect to the LDAP server anonymously. - *
- * - * - * @param managerUser Name of the user (typically a fully qualified DN) which - * will be used to authenticate with the LDAP server when initiating LDAP connections. - */ - public void setManagerUser(String managerUser) { - this.managerUser = managerUser; - } - - /** - * @return The URL of the LDAP host to connect to, including port (if non-default), - * and the base DN from which other operations will be relative to. - */ - public String getUrl() { - return url; - } - - /** - * LDAP URL (with or without the port) of the LDAP server to connect to. - *Example:
- * ldap://dir.mycompany.com:389/dc=mycompany,dc=com
- * (port 389 is the standard LDAP port) so the example above could also be:
- * ldap://dir.mycompany.com/dc=mycompany,dc=com
- *
The following examples would be linked into the main Acegi
- * configuration by:
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- * I haven't been able to test this directly,
- * but something like the following should do the trick:
- *
- *
- *
- *
- * (if anyone gets this to work please let me know so I can include it
- * in the documentation).
- *
- * Examples:
- * 'Normal' LDAP: "cn={0}"
- * Active Directory style LDAP: "{0}@AD_Domain"
- *
Example: "uid={0},ou=users"
- * - */ - private MessageFormat userLookupNameFormat = null; - - /** List of LDAP Attributes which contian role name information. */ - private String[] roleAttributes = {"memberOf"}; - - /** The role, which if non-null, will be grated the user if the user has no other roles. */ - private String defaultRole = null; - - public UserDetails loadUserByUsernameAndPassword(String username, String password) throws DataAccessException, BadCredentialsException { - if ((password == null) || (password.length() == 0)) { - throw new BadCredentialsException("Empty password"); - } - - String ldapUsername = (null == usernameFormat) ? username : usernameFormat.format( new Object[]{username} ); - if (logger.isDebugEnabled()) { - logger.debug("Connecting to " + this.getUrl() + " as " + ldapUsername); - } - - InitialDirContext dirContext = null; - try { - dirContext = newInitialDirContext(ldapUsername, password); - } catch (AuthenticationException ax) { - throw new BadCredentialsException(BAD_CREDENTIALS_EXCEPTION_MESSAGE, ax); - } - if (null == dirContext) { - throw new BadCredentialsException(BAD_CREDENTIALS_EXCEPTION_MESSAGE); - } - - String[] roles = null; - if (null != roleAttributes) { - try { - String userContextName = (null == userLookupNameFormat) ? "" : - userLookupNameFormat.format(new Object[]{username, ldapUsername}); - roles = getRolesFromContext(dirContext, userContextName); - } catch (NamingException e) { - throw new DataAccessResourceFailureException("Unable to retrieve role information from LDAP Server.", e); - } - } - if ((null == roles) && (null != defaultRole)) { - roles = new String[] {defaultRole}; - } - - return new User(username, password, true, true, true, true, toGrantedAuthority(roles) ); - } - - /** Converts from an Array of String rolenames to an array of GrantedAuthority objects. - * This is a possible extension point for sub-classes to enrich the behavior of how - * the GrantedAuthority array is constucted. - * - * @param rolenames Array of Strings representing the names of the - * roles that the user has been granted according to the LDAP server. - * @return Array of GrantedAuthority objects which will be associated with the User's UserDetails. - */ - protected GrantedAuthority[] toGrantedAuthority(String[] rolenames) { - if ((null == rolenames) || (rolenames.length == 0)) { - return null; - } - - GrantedAuthority[] grantedAuthorities = new GrantedAuthority[rolenames.length]; - for (int i = 0; i < rolenames.length; i++) { - grantedAuthorities[i] = toGrantedAuthority(rolenames[i]); - } - - return grantedAuthorities; - } - - /** This is a possible extension point for sub-classes to enrich the behavior of how - * the GrantedAuthority object is constucted. - * - * @param rolename Name of an LDAP role which is granted to the user. - * @return GrantedAuthority object which represents the granted role. - */ - protected GrantedAuthority toGrantedAuthority(String rolename) { - GrantedAuthority ga = new GrantedAuthorityImpl( rolename ); - return ga; - } - - /** - * - * @param ctx The LDAP DirContext retrieved by the user login. - * @return An array of roles granted the user found by searching all attributes named in the roleAttributes field. - * @throws NamingException - */ - protected String[] getRolesFromContext(DirContext ctx, String dnOfUser) throws NamingException { - if (null == roleAttributes) { - return null; - } - - if (logger.isDebugEnabled()) { - String rolesString = ""; - - for (int i = 0; i < roleAttributes.length; i++) { - rolesString += (", " + roleAttributes[i]); - } - - logger.debug("Searching ldap context for roles using attributes: " + rolesString.substring(1)); - } - - ArrayList roles = new ArrayList(); - Attributes attrs = null; - if (null == usernameFormat) { - attrs = ctx.getAttributes("", roleAttributes); - } else { - attrs = ctx.getAttributes(dnOfUser, roleAttributes); - } - - if (null != attrs) { - NamingEnumeration attrsEnum = attrs.getAll(); - while ((attrsEnum != null) && (attrsEnum.hasMore())) { - Attribute attr = (Attribute)attrsEnum.next(); - if (null != attr) { - ArrayList list = getRolesFromAttribute( attr ); - if (null != list) { - roles.addAll( list ); - } - } - } - } - - if (roles.isEmpty()) { - return null; - } else { - return (String[])roles.toArray( new String[roles.size()] ); - } - } - - protected ArrayList getRolesFromAttribute(Attribute attr) throws NamingException { - NamingEnumeration rolesEnum = attr.getAll(); - if (null == rolesEnum) { - return null; - } - - ArrayList roles = new ArrayList(); - while (rolesEnum.hasMore()) { - String rolename = (String)rolesEnum.next(); - if (null != rolename) { - roles.add( convertLdapRolename(rolename) ); - } - } - return roles; - } - - protected String convertLdapRolename(String name) { - //System.out.println("Found LDAP UserRole = " + name); - return name.toUpperCase(); - } - - public String getDefaultRole() { - return defaultRole; - } - - public void setDefaultRole(String defaultRole) { - this.defaultRole = defaultRole; - } - - public String[] getRoleAttributes() { - return roleAttributes; - } - - /** List of LDAP Attributes which contian role name information. */ - public void setRoleAttributes(String[] roleAttributes) { - this.roleAttributes = roleAttributes; - } - - /** Utility method to set a single attribute which contains role information. - * @see setRoleAttributes - */ - public void setRoleAttribute(String roleAttribute) { - setRoleAttributes(new String[]{ roleAttribute }); - } - - public String getUsernameFormat() { - if (null == usernameFormat) { - return null; - } else { - return usernameFormat.toPattern(); - } - } - - /** Pattern used to turn the user's supplied username into the - * username format the LDAP server expects. - * - *
- * Examples:
- * 'Normal' LDAP: "cn={0}"
- * Active Directory style LDAP: "{0}@AD_Domain"
- *
- * Used with the {@link PasswordDaoAuthenticationProvider}. - *
- * - *- * The interface requires only one read-only method, which simplifies support - * of new data access strategies. - *
- * - * @deprecated instead subclass {@link org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider} - * @author Karel Miarka - */ -public interface PasswordAuthenticationDao { - //~ Methods ================================================================ - - /** - * Locates the user based on the username and password. In the actual - * implementation, the search may possibly be case sensitive, or case - * insensitive depending on how the implementaion instance is configured. - * In this case, theUserDetails
object that comes back may
- * have a username that is of a different case than what was actually
- * requested.
- *
- *
- * The implementation is responsible for password validation. It must throw
- * BadCredentialsException
(or subclass of that exception if
- * desired) if the provided password is invalid.
- *
- * The implementation is responsible for filling the username and password
- * parameters into the implementation of UserDetails
.
- *
GrantedAuthority
s
- */
- public UserDetails loadUserByUsernameAndPassword(String username,
- String password) throws DataAccessException, BadCredentialsException;
-}
diff --git a/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/PasswordDaoAuthenticationProvider.java b/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/PasswordDaoAuthenticationProvider.java
deleted file mode 100644
index 58501037f3..0000000000
--- a/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/PasswordDaoAuthenticationProvider.java
+++ /dev/null
@@ -1,246 +0,0 @@
-/* Copyright 2004, 2005 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.acegisecurity.providers.dao.ldap;
-
-import org.acegisecurity.AccountExpiredException;
-import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationException;
-import org.acegisecurity.AuthenticationServiceException;
-import org.acegisecurity.CredentialsExpiredException;
-import org.acegisecurity.DisabledException;
-import org.acegisecurity.LockedException;
-import org.acegisecurity.providers.AuthenticationProvider;
-import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
-import org.acegisecurity.providers.dao.DaoAuthenticationProvider;
-import org.acegisecurity.providers.dao.UserCache;
-import org.acegisecurity.providers.dao.cache.NullUserCache;
-import org.acegisecurity.userdetails.UserDetails;
-
-import org.springframework.beans.factory.InitializingBean;
-
-import org.springframework.dao.DataAccessException;
-
-import org.springframework.util.Assert;
-
-
-/**
- * An {@link AuthenticationProvider} implementation that retrieves user details
- * from a {@link PasswordAuthenticationDao}.
- *
- *
- * This AuthenticationProvider
is capable of validating {@link
- * UsernamePasswordAuthenticationToken} requests containing the correct
- * username, password and when the user is not disabled.
- *
- * Unlike {@link DaoAuthenticationProvider}, the responsibility for password
- * validation is delegated to PasswordAuthenticationDao
.
- *
- * Upon successful validation, a
- * UsernamePasswordAuthenticationToken
will be created and
- * returned to the caller. The token will include as its principal either a
- * String
representation of the username, or the {@link
- * UserDetails} that was returned from the authentication repository. Using
- * String
is appropriate if a container adapter is being used, as
- * it expects String
representations of the username. Using
- * UserDetails
is appropriate if you require access to additional
- * properties of the authenticated user, such as email addresses,
- * human-friendly names etc. As container adapters are not recommended to be
- * used, and UserDetails
implementations provide additional
- * flexibility, by default a UserDetails
is returned. To override
- * this default, set the {@link #setForcePrincipalAsString} to
- * true
.
- *
- * Caching is handled via the UserDetails
object being placed in
- * the {@link UserCache}. This ensures that subsequent requests with the same
- * username and password can be validated without needing to query the {@link
- * PasswordAuthenticationDao}. It should be noted that if a user appears to
- * present an incorrect password, the {@link PasswordAuthenticationDao} will
- * be queried to confirm the most up-to-date password was used for comparison.
- *
- * If an application context is detected (which is automatically the case when - * the bean is started within a Spring container), application events will be - * published to the context. See {@link - * org.acegisecurity.event.authentication.AbstractAuthenticationEvent} for - * further information. - *
- * - * @deprecated instead subclass {@link org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider} - * @author Karel Miarka - */ -public class PasswordDaoAuthenticationProvider implements AuthenticationProvider, - InitializingBean { - //~ Instance fields ======================================================== - - private PasswordAuthenticationDao authenticationDao; - private UserCache userCache = new NullUserCache(); - private boolean forcePrincipalAsString = false; - - //~ Methods ================================================================ - - public void setForcePrincipalAsString(boolean forcePrincipalAsString) { - this.forcePrincipalAsString = forcePrincipalAsString; - } - - public boolean isForcePrincipalAsString() { - return forcePrincipalAsString; - } - - public void setPasswordAuthenticationDao( - PasswordAuthenticationDao authenticationDao) { - this.authenticationDao = authenticationDao; - } - - public PasswordAuthenticationDao getPasswordAuthenticationDao() { - return authenticationDao; - } - - public void setUserCache(UserCache userCache) { - this.userCache = userCache; - } - - public UserCache getUserCache() { - return userCache; - } - - public void afterPropertiesSet() throws Exception { - Assert.notNull(this.authenticationDao, - "A Password authentication DAO must be set"); - Assert.notNull(this.userCache, "A user cache must be set"); - } - - public Authentication authenticate(Authentication authentication) - throws AuthenticationException { - // Determine username - String username = authentication.getPrincipal().toString(); - - if (authentication.getPrincipal() instanceof UserDetails) { - username = ((UserDetails) authentication.getPrincipal()) - .getUsername(); - } - - String password = authentication.getCredentials().toString(); - - boolean cacheWasUsed = true; - UserDetails user = this.userCache.getUserFromCache(username); - - // Check if the provided password is the same as the password in cache - if ((user != null) && !password.equals(user.getPassword())) { - user = null; - this.userCache.removeUserFromCache(username); - } - - if (user == null) { - cacheWasUsed = false; - user = getUserFromBackend(username, password); - } - - if (!user.isEnabled()) { - throw new DisabledException("User is disabled"); - } - - if (!user.isAccountNonExpired()) { - throw new AccountExpiredException("User account has expired"); - } - - if (!user.isAccountNonLocked()) { - throw new LockedException("User account is locked"); - } - - if (!user.isCredentialsNonExpired()) { - throw new CredentialsExpiredException( - "User credentials have expired"); - } - - if (!cacheWasUsed) { - // Put into cache - this.userCache.putUserInCache(user); - } - - Object principalToReturn = user; - - if (forcePrincipalAsString) { - principalToReturn = user.getUsername(); - } - - return createSuccessAuthentication(principalToReturn, authentication, - user); - } - - public boolean supports(Class authentication) { - if (UsernamePasswordAuthenticationToken.class.isAssignableFrom( - authentication)) { - return true; - } else { - return false; - } - } - - /** - * Creates a successful {@link Authentication} object. - * - *
- * Protected so subclasses can override. This might be required if multiple
- * credentials need to be placed into a custom Authentication
- * object, such as a password as well as a ZIP code.
- *
- * Subclasses will usually store the original credentials the user supplied
- * (not salted or encoded passwords) in the returned
- * Authentication
object.
- *
PasswordDaoAuthenticationProvider
for validation
- * @param user that was loaded by the
- * PasswordAuthenticationDao
- *
- * @return the successful authentication token
- */
- protected Authentication createSuccessAuthentication(Object principal,
- Authentication authentication, UserDetails user) {
- // Ensure we return the original credentials the user supplied,
- // so subsequent attempts are successful even with encoded passwords.
- // Also ensure we return the original getDetails(), so that future
- // authentication events after cache expiry contain the details
- UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal,
- authentication.getCredentials(), user.getAuthorities());
- result.setDetails((authentication.getDetails() != null)
- ? authentication.getDetails() : null);
-
- return result;
- }
-
- private UserDetails getUserFromBackend(String username, String password) {
- try {
- return this.authenticationDao.loadUserByUsernameAndPassword(username,
- password);
- } catch (DataAccessException repositoryProblem) {
- throw new AuthenticationServiceException(repositoryProblem
- .getMessage(), repositoryProblem);
- }
- }
-}
diff --git a/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/revised/InitialDirContextFactory.java b/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/revised/InitialDirContextFactory.java
deleted file mode 100644
index 386a262b5d..0000000000
--- a/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/revised/InitialDirContextFactory.java
+++ /dev/null
@@ -1,170 +0,0 @@
-package org.acegisecurity.providers.dao.ldap.revised;
-
-import java.util.Hashtable;
-import java.util.Map;
-import javax.naming.Context;
-import javax.naming.NamingException;
-import javax.naming.directory.InitialDirContext;
-import org.springframework.dao.DataAccessResourceFailureException;
-
-/**
- * @see http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html
- *
- * @author robert.sanders
- *
- */
-public class InitialDirContextFactory {
-
- /**
- * LDAP URL (without the port) of the LDAP server to connect to; example
- * ldap://dir.mycompany.com:389/dc=mycompany,dc=com (port 389 is the standard LDAP port).
- */
- private String URL;
-
- /** If your LDAP server does not allow anonymous searches then
- * you will need to provide a username with which to login with;
- * this is that username.
- */
- private String managerUser;
-
- /** If your LDAP server does not allow anonymous searches then
- * you will need to provide a username with which to login with;
- * this is the password of that user.
- */
- private String managerPassword;
-
- /** Type of authentication within LDAP; default is simple. */
- private String authenticationType = "simple";
-
- /** The INITIAL_CONTEXT_FACTORY used to create the JNDI Factory.
- * Default is "com.sun.jndi.ldap.LdapCtxFactory"; you should not
- * need to set this unless you have unusual needs.
- **/
- private String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
-
- /** Allows extra environment variables to be added at config time. */
- private Map extraEnvVars = null;
-
- /** Use the LDAP Connection pool (in SUN JVMs)?; if true, then the
- * LDAP environment property "com.sun.jndi.ldap.connect.pool" is added
- * to any other JNDI properties.
- * @see http://java.sun.com/products/jndi/tutorial/ldap/connect/pool.html
- * @see http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html
- */
- private boolean connectionPoolEnabled = true;
-
- public InitialDirContext newInitialDirContext() throws DataAccessResourceFailureException {
- Hashtable env = getEnvironment();
- if (managerUser != null) {
- env.put(Context.SECURITY_PRINCIPAL, managerUser);
- env.put(Context.SECURITY_CREDENTIALS, managerPassword);
- }
- try {
- return new InitialDirContext(env);
- } catch (NamingException nx) {
- throw new DataAccessResourceFailureException("Unable to connect to LDAP Server; check managerUser and managerPassword.", nx);
- }
- }
-
- /**
- * @return The Hashtable describing the base DirContext that will be created; minus the username/password if any.
- */
- protected Hashtable getEnvironment() {
- Hashtable env = new Hashtable(11);
- env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
- env.put(Context.PROVIDER_URL, URL);
- env.put(Context.SECURITY_AUTHENTICATION, authenticationType);
- if (connectionPoolEnabled) {
- env.put("com.sun.jndi.ldap.connect.pool", "true");
- }
- if ((extraEnvVars != null) && (extraEnvVars.size() > 0)) {
- env.putAll(extraEnvVars);
- }
- return env;
- }
-
- /**
- * @return Returns the authenticationType.
- */
- public String getAuthenticationType() {
- return authenticationType;
- }
-
- /**
- * @param authenticationType The authenticationType to set.
- */
- public void setAuthenticationType(String authenticationType) {
- this.authenticationType = authenticationType;
- }
-
- /**
- * @return Returns the initialContextFactory.
- */
- public String getInitialContextFactory() {
- return initialContextFactory;
- }
-
- /**
- * @param initialContextFactory The initialContextFactory to set.
- */
- public void setInitialContextFactory(String initialContextFactory) {
- this.initialContextFactory = initialContextFactory;
- }
-
- /**
- * @return Returns the managerPassword.
- */
- public String getManagerPassword() {
- return managerPassword;
- }
-
- /**
- * @param managerPassword The managerPassword to set.
- */
- public void setManagerPassword(String managerPassword) {
- this.managerPassword = managerPassword;
- }
-
- /**
- * @return Returns the managerUser.
- */
- public String getManagerUser() {
- return managerUser;
- }
-
- /**
- * @param managerUser The managerUser to set.
- */
- public void setManagerUser(String managerUser) {
- this.managerUser = managerUser;
- }
-
- /**
- * @return Returns the uRL.
- */
- public String getURL() {
- return URL;
- }
-
- /**
- * @param url The uRL to set.
- */
- public void setURL(String url) {
- URL = url;
- }
-
- /**
- * @return Allows extra environment variables to be added at config time.
- */
- public Map getExtraEnvVars() {
- return extraEnvVars;
- }
-
- /**
- * @param extraEnvVars Allows extra environment variables to be added at config time.
- */
- public void setExtraEnvVars(Map extraEnvVars) {
- this.extraEnvVars = extraEnvVars;
- }
-
-}
diff --git a/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/revised/LdapPassword2AuthenticationDao.java b/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/revised/LdapPassword2AuthenticationDao.java
deleted file mode 100644
index 506b9e1655..0000000000
--- a/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/revised/LdapPassword2AuthenticationDao.java
+++ /dev/null
@@ -1,216 +0,0 @@
-/**
- *
- */
-package org.acegisecurity.providers.dao.ldap.revised;
-
-import java.util.ArrayList;
-import java.util.Hashtable;
-
-import javax.naming.Context;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-import javax.naming.directory.SearchResult;
-
-import org.acegisecurity.BadCredentialsException;
-import org.acegisecurity.GrantedAuthority;
-import org.acegisecurity.GrantedAuthorityImpl;
-import org.acegisecurity.providers.dao.ldap.PasswordAuthenticationDao;
-import org.acegisecurity.userdetails.User;
-import org.acegisecurity.userdetails.UserDetails;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.dao.DataAccessException;
-
-/**
- * Re-written version of the ACEGI LDAP code,
- * designed to be cleaner; it is partially based on
- * the description of the mod_auth_ldap logic: http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html
- *
- *
- *
- */
-public class LdapPassword2AuthenticationDao implements PasswordAuthenticationDao {
-
- public static final String BAD_CREDENTIALS_EXCEPTION_MESSAGE = "Invalid username, password or context";
-
- private static final transient Log logger = LogFactory.getLog(LdapPassword2AuthenticationDao.class);
-
- /** Ldap base settings. */
- private InitialDirContextFactory initialDirContextFactory;
-
- /** Array of LdapSearchBean which will be used to search the context.
- */
- private UserSearchBean[] userSearchBeans;
-
- private String defaultRole;
-
- public UserDetails loadUserByUsernameAndPassword(String username, String password) throws DataAccessException, BadCredentialsException {
- if ((password == null) || (password.length() == 0)) {
- throw new BadCredentialsException("Empty password");
- }
-
- UserSearchResults userSearchResults = getUserBySearch(username);
- if (null == userSearchResults) {
- throw new BadCredentialsException(BAD_CREDENTIALS_EXCEPTION_MESSAGE);
- }
-
- DirContext userDirContext = null;
- try {
- userDirContext = loginToUserDirContext( userSearchResults.getUserLoginName(), password );
- if (null == userDirContext) {
- throw new BadCredentialsException(BAD_CREDENTIALS_EXCEPTION_MESSAGE);
- }
-
- String[] roleAttrs = userSearchResults.getUserSearchBean().getRoleAttributes();
- GrantedAuthority[] roles = getUserRolesLdap(userDirContext, roleAttrs);
-
- if ((roles == null) && (null != defaultRole)) {
- roles = new GrantedAuthority[] { new GrantedAuthorityImpl(defaultRole) };
- }
- if (null != roles) {
- return new User( userSearchResults.getUserLoginName(),
- password,
- true,
- true,
- true,
- true,
- roles);
- } else {
- logger.info("User was able to login, but had no role information; username = [" + username + "]");
- throw new BadCredentialsException(BAD_CREDENTIALS_EXCEPTION_MESSAGE);
- }
- } finally {
- try {
- if (null != userDirContext) {
- userDirContext.close();
- }
- } catch (NamingException e) {
- logger.warn("Unable to properly close userDirContext.", e);
- }
- }
- }
-
- protected UserSearchResults getUserBySearch(String username) throws DataAccessException, BadCredentialsException {
- InitialDirContext ctx = initialDirContextFactory.newInitialDirContext();
- UserSearchResults userSearchResults = null;
- try {
- for (int i = 0; (i < userSearchBeans.length) && (null == userSearchResults); i++) {
- try {
- userSearchResults = userSearchBeans[i].searchForUser(ctx, username);
- } catch (NamingException nx) {
- logger.warn(nx);
- }
- }
- } finally {
- try {
- ctx.close();
- } catch (NamingException e) {
- logger.warn("Unable to properly close JNDI LDAP connection.", e);
- }
- }
- return userSearchResults;
- }
-
-
- protected DirContext loginToUserDirContext(String username, String password) {
- Hashtable baseEnv = initialDirContextFactory.getEnvironment();
- baseEnv.put(Context.SECURITY_PRINCIPAL, username);
- baseEnv.put(Context.SECURITY_CREDENTIALS, password);
- try {
- return new InitialDirContext(baseEnv);
- } catch (NamingException e) {
- throw new BadCredentialsException(BAD_CREDENTIALS_EXCEPTION_MESSAGE, e);
- }
- }
-
-
- protected GrantedAuthority[] getUserRolesLdap(DirContext ctx, String[] roleAttrs) {
- try {
- NamingEnumeration enm = ctx.search("", null, roleAttrs);
- if (!enm.hasMore()) {
- return null;
- }
-
- // LDAP Search result which SHOULD contain the user's roles
- SearchResult searchResult = (SearchResult)enm.next();
- Attributes attrs = searchResult.getAttributes();
-
- ArrayList roleList = new ArrayList(attrs.size());
- NamingEnumeration attrEnm = attrs.getAll();
- while (attrEnm.hasMore()) {
- Attribute attr = (Attribute)attrEnm.next();
- for (int i = 0; i < attr.size(); i++) {
- roleList.add( new GrantedAuthorityImpl((String)attr.get(i)) );
- }
- }
-
- GrantedAuthorityImpl[] roles = new GrantedAuthorityImpl[ roleList.size() ];
- return (GrantedAuthorityImpl[])roleList.toArray(roles);
- } catch (NamingException e) {
- // TODO Convert to authentication exception
- e.printStackTrace();
- }
- return null;
- }
-
- /**
- * @return Returns the defaultRole.
- */
- public String getDefaultRole() {
- return defaultRole;
- }
-
- /**
- * @param defaultRole The defaultRole to set.
- */
- public void setDefaultRole(String defaultRole) {
- this.defaultRole = defaultRole;
- }
-
- /**
- * @return Returns the userSearchBeans.
- */
- public UserSearchBean[] getUserSearchBeans() {
- return userSearchBeans;
- }
-
- /**
- * @param userSearchBeans The userSearchBeans to set.
- */
- public void setUserSearchBeans(UserSearchBean[] userSearchBeans) {
- this.userSearchBeans = userSearchBeans;
- }
-
- /** Convience method to set only one userSearchBean.
- * NOTE: this method resets the entire userSearchBeans array,
- * and can therefore not be used to append entries to the array.
- *
- * @param userSearchBean
- */
- public void setUserSearchBean(UserSearchBean userSearchBean) {
- this.userSearchBeans = new UserSearchBean[]{userSearchBean};
- }
-
- /**
- * @return Returns the ldapSupport.
- */
- public InitialDirContextFactory getInitialDirContextFactory() {
- return initialDirContextFactory;
- }
-
- /**
- * @param ldapSupport The ldapSupport to set.
- */
- public void setInitialDirContextFactory(InitialDirContextFactory initialDirContextFactory) {
- this.initialDirContextFactory = initialDirContextFactory;
- }
-
-
-
-
-}
diff --git a/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/revised/SearchControlsFactory.java b/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/revised/SearchControlsFactory.java
deleted file mode 100644
index e85287e389..0000000000
--- a/sandbox/src/main/java/org/acegisecurity/providers/dao/ldap/revised/SearchControlsFactory.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/**
- *
- */
-package org.acegisecurity.providers.dao.ldap.revised;
-
-
-import javax.naming.directory.SearchControls;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-/**
- * Used to specify properties which are used to
- * construct JNDI SearchControls instances.
- *
- * @see javax.naming.directory.SearchControls
- *
- */
-public class SearchControlsFactory {
-
- private static final transient Log logger = LogFactory.getLog(SearchControlsFactory.class);
-
- /** Name, which when combined with the rootContext of the DirContext
- * being searched will resolve to the DN that the search should be performed in.
- */
- private String searchContextName;
-
- /** Names of the attributes to return from the search;
- * default is null in which case ALL attributes will be returned.
- */
- private String[] returnAttrNames;
-
- /**
- * One of the 3 possible scope values as specified in SearchControles.