ADIntegration.java

  1. /**
  2.  * Originally contributed by eMation (www.emation.pt)
  3.  */
  4. package org.itracker.services.authentication.adsson;

  5. import org.apache.log4j.Logger;

  6. import javax.security.auth.Subject;
  7. import javax.security.auth.login.LoginContext;
  8. import javax.security.auth.login.LoginException;
  9. import java.io.IOException;
  10. import java.io.InputStream;
  11. import java.security.AccessControlException;
  12. import java.util.Properties;

  13. /**
  14.  * Performs a kerberos authenticated search in AD
  15.  *
  16.  * @author ricardo
  17.  */
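public class ADIntegration {

    /** Classpath resource (at the root) holding the AD service-account settings. */
    private static final String AD_AUTH_PROPERTIES_FILE = "adauth.properties";
    /** Property keys read from {@link #AD_AUTH_PROPERTIES_FILE}. */
    private static final String PASSWORD = "password";
    private static final String USERNAME = "username";
    private static final String BASE_BRANCH = "basebranch";
    private static final String PROVIDER_URL = "url";

    /** JAAS configuration entry used for the Kerberos login; must exist in login-config.xml. */
    private static final String JAAS_ENTRY = "Helpdesk";

    private final Logger logger;
    /** Authenticated context; {@code null} until {@link #login()} has completed successfully. */
    private LoginContext lc = null;
    /** Settings loaded from {@link #AD_AUTH_PROPERTIES_FILE}; the service-account password is held here in clear text. */
    private final Properties adAuth;

    /**
     * Loads the AD authentication settings from the classpath.
     *
     * @throws IOException if the properties file cannot be found or read
     */
    public ADIntegration() throws IOException {
        this.logger = Logger.getLogger(getClass());
        adAuth = new Properties();
        // try-with-resources closes the stream (a null resource is skipped by the construct).
        try (InputStream is = getClass().getResourceAsStream("/" + AD_AUTH_PROPERTIES_FILE)) {
            if (is == null) {
                String message = "Can't find " + AD_AUTH_PROPERTIES_FILE + " to get A.D. auth properties. This file should be in the root of your classpath or EAR file";
                logger.error(message);
                throw new IOException(message);
            }
            adAuth.load(is);
        }
    }

    /**
     * Authenticates the configured service account against Kerberos through the
     * {@value #JAAS_ENTRY} JAAS entry. The login context is kept only when
     * {@link LoginContext#login()} succeeds, so {@link #getUserInfo(String)} can detect
     * an un-authenticated instance instead of failing on a null subject.
     *
     * @throws LoginException if the JAAS entry is missing, the callback handler cannot be
     *                        built, or authentication fails
     */
    public void login() throws LoginException {
        try {
            LoginContext context = new LoginContext(JAAS_ENTRY, new SimpleCallbackHandler(getUsername(), getPassword()));
            context.login();
            lc = context;
        } catch (IOException e) {
            // LoginException has no (message, cause) constructor; keep the cause via initCause.
            LoginException le = new LoginException(e.getMessage());
            le.initCause(e);
            throw le;
        }
    }

    /**
     * Looks up a user in AD, running the JNDI search as the Kerberos-authenticated subject.
     *
     * NOTE(review): {@code login} is forwarded verbatim to the search action; if that action
     * builds an LDAP filter from it, the value must be escaped (RFC 4515) to prevent filter
     * injection — confirm in GetUserModelFromADPrivilegedAction.
     *
     * @param login the account name to look up in AD
     * @return whatever the privileged action produced for that login (never {@code null})
     * @throws IllegalStateException  if {@link #login()} has not succeeded on this instance
     * @throws AccessControlException if AD returned no information for {@code login}
     */
    public Object getUserInfo(String login) throws AccessControlException {
        if (lc == null || lc.getSubject() == null) {
            throw new IllegalStateException("login() must succeed before getUserInfo() is called");
        }
        Object userInfo = Subject.doAs(lc.getSubject(), new GetUserModelFromADPrivilegedAction(login, getBaseBranch(), getProviderUrl()));

        if (userInfo == null) {
            String message = "Can't get info on " + login + " from A.D.";
            logger.error(message);
            throw new AccessControlException(message);
        }

        return userInfo;
    }

    /** @return the {@code url} property, or {@code null} if it is not set */
    private String getProviderUrl() {
        return adAuth.getProperty(PROVIDER_URL);
    }

    /**
     * @return the {@code password} property, or {@code null} if it is not set
     * @throws IOException never thrown here; declared so the IOException handling in
     *                     {@link #login()} keeps compiling regardless of the callback handler
     */
    private String getPassword() throws IOException {
        return adAuth.getProperty(PASSWORD);
    }

    /**
     * @return the {@code username} property, or {@code null} if it is not set
     * @throws IOException never thrown here; see {@link #getPassword()}
     */
    private String getUsername() throws IOException {
        return adAuth.getProperty(USERNAME);
    }

    /** @return the {@code basebranch} property, or {@code null} if it is not set */
    private String getBaseBranch() {
        return adAuth.getProperty(BASE_BRANCH);
    }
}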