1   /**
2    * Originally contributed by eMation (www.emation.pt)
3    */
4   package org.itracker.services.authentication.adsson;
5   
6   import org.apache.log4j.Logger;
7   
8   import javax.security.auth.Subject;
9   import javax.security.auth.login.LoginContext;
10  import javax.security.auth.login.LoginException;
11  import java.io.IOException;
12  import java.io.InputStream;
13  import java.security.AccessControlException;
14  import java.util.Properties;
15  
16  /**
17   * Performs a Kerberos-authenticated search in Active Directory (AD)
18   *
19   * @author ricardo
20   */
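public class ADIntegration {

    private static final String AD_AUTH_PROPERTIES_FILE = "adauth.properties";
    private static final String PASSWORD = "password";
    private static final String USERNAME = "username";
    private static final String BASE_BRANCH = "basebranch";
    private static final String PROVIDER_URL = "url";
    /** JAAS application entry name; a matching entry must exist in the container's login configuration. */
    private static final String LOGIN_CONTEXT_NAME = "Helpdesk";

    private final Logger logger;
    private final Properties adAuth;
    // Populated by login() only after the JAAS login succeeded; null until then.
    private LoginContext lc = null;

    /**
     * Loads the A.D. authentication settings from {@code adauth.properties} at the root
     * of the classpath.
     *
     * <p>The file holds the service account credentials ({@code username}, {@code password})
     * together with the directory location ({@code url}, {@code basebranch}). Because the
     * password is stored in clear text in that file, it must be protected like any other
     * credential store. This class never logs property values, only key names.
     *
     * @throws IOException if the file is missing, cannot be read, or lacks one of the
     *                     four required keys (the message names the missing keys, not values)
     */
    public ADIntegration() throws IOException {
        this.logger = Logger.getLogger(getClass());
        this.adAuth = new Properties();
        InputStream is = getClass().getResourceAsStream("/" + AD_AUTH_PROPERTIES_FILE);
        if (is == null) {
            String message = "Can't find " + AD_AUTH_PROPERTIES_FILE + " to get A.D. auth properties. This file should be in the root of your classpath or EAR file";
            logger.error(message);
            throw new IOException(message);
        }
        try {
            adAuth.load(is);
        } finally {
            // The original implementation never closed the stream.
            is.close();
        }
        requireKeys(USERNAME, PASSWORD, BASE_BRANCH, PROVIDER_URL);
    }

    /**
     * Fails fast when any of the given keys is absent from the loaded properties, so a
     * misconfiguration is reported at startup instead of as a NullPointerException deep
     * inside JAAS or JNDI. Only key names appear in the message and log, never values.
     *
     * @param keys property keys that must be present
     * @throws IOException if at least one key is missing
     */
    private void requireKeys(String... keys) throws IOException {
        StringBuilder missing = new StringBuilder();
        for (String key : keys) {
            if (adAuth.getProperty(key) == null) {
                if (missing.length() > 0) {
                    missing.append(", ");
                }
                missing.append(key);
            }
        }
        if (missing.length() > 0) {
            String message = "Missing required key(s) in " + AD_AUTH_PROPERTIES_FILE + ": " + missing;
            logger.error(message);
            throw new IOException(message);
        }
    }

    /**
     * Authenticates the configured service account against Kerberos through JAAS.
     *
     * <p>The JAAS entry named {@value #LOGIN_CONTEXT_NAME} is expected in the container's
     * login configuration (for example login-config.xml). The login context is kept for
     * {@link #getUserInfo(String)} only once {@link LoginContext#login()} has succeeded.
     *
     * @throws LoginException if the login context cannot be created or authentication fails
     */
    public void login() throws LoginException {
        LoginContext context = new LoginContext(LOGIN_CONTEXT_NAME,
                new SimpleCallbackHandler(getUsername(), getPassword()));
        context.login();
        // Publish only after success so a failed attempt never leaves a half-initialised
        // context behind for getUserInfo().
        lc = context;
    }

    /**
     * Looks up {@code login} in A.D., running the JNDI search as the Kerberos-authenticated
     * subject obtained by {@link #login()}.
     *
     * @param login the account name to look up
     * @return the user model produced by {@link GetUserModelFromADPrivilegedAction}; never {@code null}
     * @throws IllegalStateException  if {@link #login()} has not completed successfully
     * @throws AccessControlException if no information could be retrieved for {@code login}
     */
    public Object getUserInfo(String login) throws AccessControlException {
        if (lc == null) {
            throw new IllegalStateException("login() must succeed before getUserInfo() is called");
        }
        Object userInfo = Subject.doAs(lc.getSubject(),
                new GetUserModelFromADPrivilegedAction(login, getBaseBranch(), getProviderUrl()));

        if (userInfo == null) {
            String message = "Can't get info on " + login + " from A.D.";
            logger.error(message);
            throw new AccessControlException(message);
        }

        return userInfo;
    }

    /**
     * @return the directory provider URL ({@code url} key); present, as the constructor validated it
     */
    private String getProviderUrl() {
        return adAuth.getProperty(PROVIDER_URL);
    }

    /**
     * @return the service account password ({@code password} key); never log this value
     */
    private String getPassword() {
        return adAuth.getProperty(PASSWORD);
    }

    /**
     * @return the service account name ({@code username} key)
     */
    private String getUsername() {
        return adAuth.getProperty(USERNAME);
    }

    /**
     * @return the search base DN ({@code basebranch} key)
     */
    private String getBaseBranch() {
        return adAuth.getProperty(BASE_BRANCH);
    }
}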
98  }