/**
* Originally contributed by eMation (www.emation.pt)
*/
package org.itracker.services.authentication.adsson;
import org.apache.log4j.Logger;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessControlException;
import java.util.Properties;
/**
* Performs a Kerberos-authenticated search in Active Directory (A.D.)
*
* @author ricardo
*/
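public class ADIntegration {
    private static final String AD_AUTH_PROPERTIES_FILE = "adauth.properties";
    private static final String PASSWORD = "password";
    private static final String USERNAME = "username";
    private static final String BASE_BRANCH = "basebranch";
    private static final String PROVIDER_URL = "url";

    private final Logger logger;
    // Kerberos login context; stays null until login() has completed successfully.
    private LoginContext lc = null;
    // Raw contents of adauth.properties. Note that it carries the bind credential
    // (the "password" key) in clear text, so this object must not be logged or exposed.
    private final Properties adAuth;

    /**
     * Loads the A.D. connection settings from {@value #AD_AUTH_PROPERTIES_FILE},
     * which must sit at the root of the classpath (or EAR).
     *
     * @throws IOException if the file cannot be found or cannot be parsed
     */
    public ADIntegration() throws IOException {
        this.logger = Logger.getLogger(getClass());
        this.adAuth = new Properties();
        // try-with-resources closes the stream after load(); a null resource is skipped by close().
        try (InputStream is = getClass().getResourceAsStream("/" + AD_AUTH_PROPERTIES_FILE)) {
            if (is == null) {
                String message = "Can't find " + AD_AUTH_PROPERTIES_FILE + " to get A.D. auth properties. This file should be in the root of your classpath or EAR file";
                logger.error(message);
                throw new IOException(message);
            }
            adAuth.load(is);
        }
    }

    /**
     * Authenticates the configured service account against Kerberos using the
     * "Helpdesk" JAAS login context (expected to be declared in login-config.xml).
     * The login context is only retained once {@code LoginContext.login()} succeeds,
     * so {@link #getUserInfo(String)} can rely on an authenticated subject.
     *
     * @throws LoginException if the credentials are missing from the properties file,
     *                        or if the JAAS login itself fails
     */
    public void login() throws LoginException {
        try {
            String username = getUsername();
            String password = getPassword();
            // Fail early with a readable message instead of handing nulls to the callback handler.
            // Only the key names are reported, never the values.
            if (username == null || password == null) {
                throw new LoginException("Missing '" + USERNAME + "' or '" + PASSWORD
                        + "' property in " + AD_AUTH_PROPERTIES_FILE);
            }
            // 1. Log in (to Kerberos)
            LoginContext context = new LoginContext("Helpdesk", new SimpleCallbackHandler(username, password));
            context.login();
            lc = context;
        } catch (IOException e) {
            // LoginException has no (String, Throwable) constructor; attach the cause
            // explicitly so the original stack trace is not lost.
            LoginException le = new LoginException(e.getMessage());
            le.initCause(e);
            throw le;
        }
    }

    /**
     * Looks up the given login in A.D., running the JNDI search as the subject
     * authenticated by {@link #login()}.
     *
     * @param login the account name to look up
     * @return the user model produced by {@code GetUserModelFromADPrivilegedAction}; never {@code null}
     * @throws IllegalStateException  if {@link #login()} has not succeeded yet
     * @throws AccessControlException if A.D. returned no information for {@code login}
     */
    public Object getUserInfo(String login) throws AccessControlException {
        // Guard against use before (or after a failed) login: without this the call
        // would either NPE on lc or run the privileged action with no subject at all.
        if (lc == null || lc.getSubject() == null) {
            throw new IllegalStateException("login() must succeed before getUserInfo() is called");
        }
        // 2. Perform JNDI work as the authenticated subject
        Object userInfo = Subject.doAs(lc.getSubject(),
                new GetUserModelFromADPrivilegedAction(login, getBaseBranch(), getProviderUrl()));
        if (userInfo == null) {
            String message = "Can't get info on " + login + " from A.D.";
            logger.error(message);
            throw new AccessControlException(message);
        }
        return userInfo;
    }

    /**
     * @return the LDAP provider URL ("url" property), or {@code null} if absent
     */
    private String getProviderUrl() {
        return adAuth.getProperty(PROVIDER_URL);
    }

    /**
     * @return the bind password ("password" property), or {@code null} if absent
     * @throws IOException never thrown here; the declaration is kept so that the
     *                     checked-exception handling in {@link #login()} is unchanged
     */
    private String getPassword() throws IOException {
        return adAuth.getProperty(PASSWORD);
    }

    /**
     * @return the bind user name ("username" property), or {@code null} if absent
     * @throws IOException never thrown here; the declaration is kept so that the
     *                     checked-exception handling in {@link #login()} is unchanged
     */
    private String getUsername() throws IOException {
        return adAuth.getProperty(USERNAME);
    }

    /**
     * @return the search base DN ("basebranch" property), or {@code null} if absent
     */
    private String getBaseBranch() {
        return adAuth.getProperty(BASE_BRANCH);
    }
}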