ADIntegration.java

/**
 * Originally contributed by eMation (www.emation.pt)
 */
package org.itracker.services.authentication.adsson;

import org.apache.log4j.Logger;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessControlException;
import java.util.Properties;

/**
 * Performs a kerberos authenticated search in AD
 *
 * @author ricardo
 */
public class ADIntegration {

    private static final String AD_AUTH_PROPERTIES_FILE = "adauth.properties";
    private static final String PASSWORD = "password";
    private static final String USERNAME = "username";
    private static final String BASE_BRANCH = "basebranch";
    private static final String PROVIDER_URL = "url";

    private final Logger logger;
    private LoginContext lc = null;
    private Properties adAuth;

    public ADIntegration() throws IOException {
        this.logger = Logger.getLogger(getClass());
        adAuth = new Properties();
        InputStream is = getClass().getResourceAsStream("/" + AD_AUTH_PROPERTIES_FILE);
        if (is == null) {
            String message = "Can't find " + AD_AUTH_PROPERTIES_FILE + " to get A.D. auth properties. This file should be in the root of your classpath or EAR file";
            logger.error(message);
            throw new IOException(message);
        }
        adAuth.load(is);
    }

    public void login() throws LoginException {
        try {
            // 1. Log in (to Kerberos)
            // The login context should be configured in login-config.xml
            lc = new LoginContext("Helpdesk", new SimpleCallbackHandler(getUsername(), getPassword()));
            // Attempt authentication
            // You might want to do this in a "for" loop to give
            // user more than one chance to enter correct username/password
            lc.login();
        } catch (IOException e) {
            throw new LoginException(e.getMessage());
        }
    }

    public Object getUserInfo(String login) throws AccessControlException {
        // 2. Perform JNDI work as logged in subject
        Object userInfo = Subject.doAs(lc.getSubject(), new GetUserModelFromADPrivilegedAction(login, getBaseBranch(), getProviderUrl()));

        if (userInfo == null) {
            logger.error("Can't get info on " + login + " from A.D.");
            throw new AccessControlException("Can't get info on " + login + " from A.D.");
        }

        return (userInfo);
    }

    /**
     * @return
     */
    private String getProviderUrl() {
        return (adAuth.getProperty(PROVIDER_URL));
    }

    /**
     * @return
     */
    private String getPassword() throws IOException {
        return (adAuth.getProperty(PASSWORD));
    }

    /**
     * @return
     */
    private String getUsername() throws IOException {
        return (adAuth.getProperty(USERNAME));
    }

    /**
     * @return
     */
    private String getBaseBranch() {
        return (adAuth.getProperty(BASE_BRANCH));
    }
}