org.codepin.ldaphack
Class ldapauth

java.lang.Object
  extended by org.codepin.ldaphack.ldapauth

public class ldapauth
extends java.lang.Object

Simple implementation of an authorization mechanism for ldap. The intention of this class is to be used in hacking LDAP authentication into a third-party software application.

Example code to illustrate:
   // code before integrating hack:
    if (isAuthenticatedUser(username, password)) {
        userObject = getUserObject(username);
        System.out.println("You are authorized");
    } else {
        System.out.println("You are not authorized!");
        System.exit(1);
    }

   // code after integrating hack (assumes you created a properties file, see ldapauth(String)):
    ldapauth la = new ldapauth();
    String userDN = la.searchfordn(username);
    if (userDN != null) {
        // the user exists in LDAP: authenticate via LDAP only, with no fallback to the application
        if (la.bindauthdn(userDN, password)) {
            userObject = getUserObject(username);
            System.out.println("You are authorized via LDAP");
        } else {
            System.out.println("You are not authorized via LDAP");
            System.exit(1);
        }
    } else if (isAuthenticatedUser(username, password)) {
        // the user is not in LDAP: fall back to the application's own authentication
        userObject = getUserObject(username);
        System.out.println("You are authorized");
    } else {
        System.out.println("You are not authorized!");
        System.exit(1);
    }
 

Author:
Russell E Glaue

Constructor Summary
ldapauth()
          Create an initialized instance of ldapauth using object's default property file.
ldapauth(java.lang.String propertiesFile)
          Create an initialized instance of ldapauth with given property file.
 
Method Summary
 boolean bindauthdn(java.lang.String userDN)
          Attempt to authenticate a user from a provided user DN and the password set in the object (an empty string by default).
 boolean bindauthdn(java.lang.String userDN, java.lang.String password)
          Attempt to authenticate a user from a provided user DN and password.
 boolean bindauthusername()
          Attempt to authenticate a user from the username and password set in the object.
 boolean bindauthusername(java.lang.String username)
          Attempt to authenticate a user from a provided username and the password set in the object (an empty string by default).
 boolean bindauthusername(java.lang.String username, java.lang.String password)
          Attempt to authenticate a user from a provided username and password.
 boolean getAllowEmptyPassword()
          Get the value of allowing empty passwords during authentication.
 java.lang.String getAuthAttribute()
          Get the attribute set to uniquely identify the user in LDAP for authentication purposes.
 java.lang.String getBaseDN()
          Get the Base DN set to confine the connection or search within the LDAP server.
 java.lang.String getBindDN()
          Get the Manager DN set to bind to LDAP for searching purposes.
 java.lang.String getBindPassword()
          Get the password set for the Manager DN.
 java.lang.String getCompletedSearchFilter()
          Get the search filter resulting from substituting the username into it.
 java.lang.String getCompletedSearchFilter(java.lang.String username)
          Get the search filter resulting from substituting the username into it.
 java.lang.String getCompletedSearchFilter(java.lang.String searchFilter, java.lang.String username)
          Get the search filter resulting from substituting the username into it.
 java.lang.String getPassword()
          Get the password set to authorize the username with.
 java.util.Properties getProperties()
          Get the Properties object of this object.
 java.lang.String getPropertyFile()
          Get the Property File set for this object.
 java.lang.String getProviderUrl()
          Get the LDAP URL to be used for connecting to the LDAP server.
 java.lang.String getSearchFilter()
          Get the search filter set to be used when searching for authorized accounts within LDAP.
 java.lang.String getUsername()
          Get the username set to authorize.
 void reloadProperties()
          Reload the Properties into this object from the properties file.
 java.lang.String searchfordn()
          Search for the userDN using the searchFilter and username set in this object.
 java.lang.String searchfordn(java.lang.String username)
          Search for the userDN using the provided username and the searchFilter set in this object.
 java.lang.String searchfordn(java.lang.String searchFilter, java.lang.String username)
          Search for the userDN using the provided searchFilter and username.
 void setAllowEmptyPassword(boolean allowEmptyPassword)
          Set true to allow an empty password to be used with username authentication, or false to reject empty passwords when attempting authentication. If an empty password is provided, some LDAP servers will successfully bind the user as anonymous.
 void setAuthAttribute(java.lang.String ldapAuthAttribute)
          Set the attribute used to uniquely identify the user in LDAP for authentication purposes.
 void setBaseDN(java.lang.String BaseDN)
          Set the Base DN you want to confine your connection or search to within the LDAP server.
 void setBindDN(java.lang.String ManagerBindDN)
          Set the Manager DN to bind to LDAP for searching purposes.
 void setBindPassword(java.lang.String ManagerBindPassword)
          Set the password of the Manager DN.
 void setPassword(java.lang.String userPassword)
          Set the password to authorize the username with.
 void setProperties(java.util.Properties properties)
          Set the Properties object of this object.
 void setPropertyFile(java.lang.String propertiesFile)
          Set the Property File for this object.
 void setProviderUrl(java.lang.String providerUrl)
          Set the LDAP URL to be used for connecting to the LDAP server.
 void setSearchFilter(java.lang.String searchFilter)
          Set the search filter you want to have used when searching for authorized accounts within LDAP.
 void setUsername(java.lang.String userName)
          Set the username to authorize.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ldapauth

public ldapauth(java.lang.String propertiesFile)

Create an initialized instance of ldapauth with the given property file. Upon creation the provided property file is read in and the object is set up with its values.
By default the property file is looked up on the classpath as "ldaphack.ldapauth.properties" and is expected to be in XML format.

Here is an example properties file:
 <!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
 <properties>
   <entry key="ProviderUrl">ldap://ldap.example.org:389</entry>
   <entry key="SearchFilter">(&amp;(uid={0})(objectClass=inetOrgPerson))</entry>
   <entry key="BaseDN">dc=example,dc=org</entry>
   <entry key="AllowEmptyPassword">false</entry>
   <entry key="AuthAttribute">uid</entry>
   <entry key="BindDN">uid=ldapreadonlyuser,ou=People,o=cait.org</entry>
   <entry key="BindPassword">secret</entry>
   <entry key="DEBUG">false</entry>
 </properties>
 
Note that & must be escaped as &amp; in XML, or the file will fail to parse when it is loaded.

If you do not use a property file, an error will be sent to System.err, but you can still use the object: set its properties with the setter methods instead.

Parameters:
propertiesFile -
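As an added illustration (not code from the ldaphack project), the following loads a properties file in the XML format shown above with java.util.Properties.loadFromXML and reads the keys back. The file content is constructed inline from the documented example so it runs without a file on the classpath; the class and method names are hypothetical. It shows that the SearchFilter comes back with a literal & once the XML parser has decoded &amp;, and that boolean keys such as AllowEmptyPassword arrive as text and must be parsed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Properties;

// Added example (not part of org.codepin.ldaphack): load the XML properties
// format expected by ldapauth and read the keys back with the right types.
public class LdapAuthPropertiesExample {

    // Constructed sample: the same entries as the properties file documented for ldapauth(String).
    static final String SAMPLE_XML = String.join("\n",
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>",
        "<!DOCTYPE properties SYSTEM \"http://java.sun.com/dtd/properties.dtd\">",
        "<properties>",
        "  <entry key=\"ProviderUrl\">ldap://ldap.example.org:389</entry>",
        "  <entry key=\"SearchFilter\">(&amp;(uid={0})(objectClass=inetOrgPerson))</entry>",
        "  <entry key=\"BaseDN\">dc=example,dc=org</entry>",
        "  <entry key=\"AllowEmptyPassword\">false</entry>",
        "  <entry key=\"AuthAttribute\">uid</entry>",
        "  <entry key=\"BindDN\">uid=ldapreadonlyuser,ou=People,o=cait.org</entry>",
        "  <entry key=\"BindPassword\">secret</entry>",
        "  <entry key=\"DEBUG\">false</entry>",
        "</properties>");

    /** Parse the XML properties format; the DOCTYPE must be the java.sun.com properties DTD. */
    static Properties load(String xml) throws IOException {
        Properties p = new Properties();
        p.loadFromXML(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return p;
    }

    /** Boolean keys are stored as text; anything other than "true" (any case) is false,
     *  so a missing or mistyped AllowEmptyPassword stays on the restrictive side. */
    static boolean flag(Properties p, String key) {
        return Boolean.parseBoolean(p.getProperty(key, "false"));
    }

    /** Fail early on a missing key rather than carrying a null into the LDAP code. */
    static String required(Properties p, String key) {
        String value = p.getProperty(key);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing property: " + key);
        }
        return value;
    }

    public static void main(String[] args) throws IOException {
        Properties p = load(SAMPLE_XML);
        // The XML parser has decoded &amp;, so the filter now holds a literal '&'.
        System.out.println("SearchFilter       = " + required(p, "SearchFilter"));
        System.out.println("ProviderUrl        = " + required(p, "ProviderUrl"));
        System.out.println("BaseDN             = " + required(p, "BaseDN"));
        System.out.println("AllowEmptyPassword = " + flag(p, "AllowEmptyPassword"));
        System.out.println("DEBUG              = " + flag(p, "DEBUG"));
    }
}
```

Properties.loadFromXML rejects a document whose DOCTYPE is not the java.sun.com properties DTD, so the first line of the documented file is not optional.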

ldapauth

public ldapauth()

Create an initialized instance of ldapauth using the object's default property file. Upon creation the property file is read in and the object is set up with its values.
By default the property file is looked up on the classpath as "ldaphack.ldapauth.properties" and is expected to be in XML format.
Refer to ldapauth(String) for an example properties file.

Method Detail

setPropertyFile

public void setPropertyFile(java.lang.String propertiesFile)
Set the Property File for this object.

property key: PropertyFile

Parameters:
propertiesFile -

getPropertyFile

public java.lang.String getPropertyFile()
Get the Property File set for this object

property key: PropertyFile


setProperties

public void setProperties(java.util.Properties properties)
Set the Properties object of this object

Parameters:
properties -

getProperties

public java.util.Properties getProperties()
Get the Properties object of this object


reloadProperties

public void reloadProperties()
Reload the Properties into this object from the properties file.


setUsername

public void setUsername(java.lang.String userName)
Set the username to authorize

Parameters:
userName -

getUsername

public java.lang.String getUsername()
Get the username set to authorize


setPassword

public void setPassword(java.lang.String userPassword)
Set the password to authorize the username with

Parameters:
userPassword -

getPassword

public java.lang.String getPassword()
Get the password set to authorize the username with


setBindDN

public void setBindDN(java.lang.String ManagerBindDN)
Set the Manager DN to bind to LDAP for searching purposes. Searches are performed with an anonymous bind unless a BindDN is supplied. This must be set if anonymous binds are not permitted to search LDAP fully with the search filter used by the searchfordn(String,String) and bindauthusername(String,String) functions.

property key: BindDN

Parameters:
ManagerBindDN -

getBindDN

public java.lang.String getBindDN()
Get the Manager DN set to bind to LDAP for searching purposes

property key: BindDN


setBindPassword

public void setBindPassword(java.lang.String ManagerBindPassword)
Set the password of the Manager DN

property key: BindPassword

Parameters:
ManagerBindPassword -

getBindPassword

public java.lang.String getBindPassword()
Get the password set for the Manager DN

property key: BindPassword


setAuthAttribute

public void setAuthAttribute(java.lang.String ldapAuthAttribute)
Set the attribute used to uniquely identify the user in LDAP for authentication purposes. Usually this is the attribute that forms the RDN of the user DN, such as uid or cn or even mail. Be sure the attribute is unique and that LDAP does not allow duplicate values for it. The default is uid.

property key: AuthAttribute

Parameters:
ldapAuthAttribute -

getAuthAttribute

public java.lang.String getAuthAttribute()
Get the attribute set to uniquely identify the user in LDAP for authentication purposes.

property key: AuthAttribute


setAllowEmptyPassword

public void setAllowEmptyPassword(boolean allowEmptyPassword)
Set true to allow empty password to be used with username authentication, or false to disallow empty passwords to be used in attempting authentication.
If an empty password is provided, some LDAP servers will successfully bind the user as anonymous. If your LDAP server does this, set this to false so that supplying an empty password returns an authentication failure. You will also want to set it to false if you simply do not want to allow empty password strings. The default is false, so empty password strings are not allowed.

property key: AllowEmptyPassword

Parameters:
allowEmptyPassword -
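The guard a practitioner wants around this setting, as an added example that is not ldapauth's own code: it assumes a JNDI simple bind (the page does not say what ldapauth uses internally), and the class and method names are hypothetical. An LDAP simple bind that supplies a DN together with an empty password is an "unauthenticated" bind (RFC 4513 section 5.1.2); servers that accept it grant only anonymous access, but the bind itself succeeds, so an application that treats "bind succeeded" as "password verified" would log the user in. The check therefore happens before any connection is made, and a bind with no DN is refused for the same reason.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

// Added example (not part of org.codepin.ldaphack): reject empty passwords
// before a simple bind is sent, mirroring the AllowEmptyPassword setting.
public class EmptyPasswordBindGuard {

    /** An empty or null password is a failed authentication unless the deployer
     *  explicitly opted in with allowEmptyPassword = true. */
    static boolean passwordAcceptable(String password, boolean allowEmptyPassword) {
        if (password == null || password.isEmpty()) {
            return allowEmptyPassword;
        }
        return true;
    }

    /** True only if the directory accepted a simple bind for userDN. The guards run first,
     *  so an empty password (or an empty DN) never reaches the server. */
    static boolean bindAsUser(String providerUrl, String userDN, String password,
                              boolean allowEmptyPassword) {
        if (userDN == null || userDN.isEmpty()) {
            return false;   // a bind with no DN is an anonymous bind, not a user authentication
        }
        if (!passwordAcceptable(password, allowEmptyPassword)) {
            return false;   // RFC 4513 5.1.2: DN plus empty password is an unauthenticated bind
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();   // constructing the context performs the bind
            return true;
        } catch (NamingException e) {
            return false;   // invalid credentials, unreachable server, or any other bind failure
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; the hypothetical server is never contacted for these because the
        // guards reject each case before the JNDI context is created.
        String url = "ldap://ldap.example.org:389";
        String dn = "uid=alice,ou=People,dc=example,dc=org";
        System.out.println("empty password, not allowed: " + bindAsUser(url, dn, "", false));
        System.out.println("null password, not allowed:  " + bindAsUser(url, dn, null, false));
        System.out.println("empty DN:                    " + bindAsUser(url, "", "correct horse", false));
    }
}
```

Keeping the empty-password decision on the application side, rather than relying on the server to reject the bind, is the point: whether a directory honours unauthenticated binds is a server-side setting the application cannot see, so the safe default is to refuse before asking.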

getAllowEmptyPassword

public boolean getAllowEmptyPassword()
Get the value of allowing empty passwords during authentication.

property key: AllowEmptyPassword


setProviderUrl

public void setProviderUrl(java.lang.String providerUrl)
Set the LDAP URL to be used for connecting to the LDAP server. example: ldap://ldap.example.org/

property key: ProviderUrl

Parameters:
providerUrl -

getProviderUrl

public java.lang.String getProviderUrl()
Get the LDAP URL to be used for connecting to the LDAP server.

property key: ProviderUrl


setBaseDN

public void setBaseDN(java.lang.String BaseDN)
Set the Base DN you want to confine your connection or search to within the LDAP server. example: dc=example,dc=org

property key: BaseDN

Parameters:
BaseDN -

getBaseDN

public java.lang.String getBaseDN()
Get the Base DN set to confine the connection or search within the LDAP server.

property key: BaseDN


setSearchFilter

public void setSearchFilter(java.lang.String searchFilter)
Set the search filter you want to have used when searching for authorized accounts within LDAP. Use the string {0} in your filter string to indicate where the username should be substituted in. example: (&(uid={0})(objectClass=Person))

property key: SearchFilter

Parameters:
searchFilter -

getSearchFilter

public java.lang.String getSearchFilter()
Get the search filter set to be used when searching for authorized accounts within LDAP.

property key: SearchFilter


getCompletedSearchFilter

public java.lang.String getCompletedSearchFilter()
Get the search filter resulting from substituting the username into it. The string "{0}" is replaced with the username in the search filter. The searchFilter is taken from what is set in this object. The username is taken from what is set in this object.


getCompletedSearchFilter

public java.lang.String getCompletedSearchFilter(java.lang.String username)
Get the search filter resulting from substituting the username into it. The string "{0}" is replaced with the username in the search filter. The searchFilter is taken from what is set in this object. The username is taken from what is provided.

Parameters:
username -

getCompletedSearchFilter

public java.lang.String getCompletedSearchFilter(java.lang.String searchFilter,
                                                 java.lang.String username)
Get the search filter resulting from substituting the username into it. The string "{0}" is replaced with the username in the search filter. The searchFilter is taken from what is provided. The username is taken from what is provided.

Parameters:
searchFilter -
username -

bindauthusername

public boolean bindauthusername()
Attempt to authenticate a user from the username and password set in the object. (See bindauthusername(String,String))


bindauthusername

public boolean bindauthusername(java.lang.String username)
Attempt to authenticate a user from a provided username and the password set in the object (an empty string by default). (See bindauthusername(String,String))

Parameters:
username -

bindauthusername

public boolean bindauthusername(java.lang.String username,
                                java.lang.String password)
Attempt to authenticate a user from a provided username and password. The username is passed to searchfordn(String) to retrieve a DN for the user, then the result of the userDN and given password being passed into bindauthdn(String,String) is returned.

Parameters:
username -
password -

bindauthdn

public boolean bindauthdn(java.lang.String userDN)
Attempt to authenticate a user from a provided user DN and the password set in the object (an empty string by default).

Parameters:
userDN -

bindauthdn

public boolean bindauthdn(java.lang.String userDN,
                          java.lang.String password)
Attempt to authenticate a user from a provided user DN and password.

Parameters:
userDN -
password -

searchfordn

public java.lang.String searchfordn()
Search for the userDN using the searchFilter and username set in this object.


searchfordn

public java.lang.String searchfordn(java.lang.String username)
Search for the userDN using the provided username and the searchFilter set in this object.

Parameters:
username -

searchfordn

public java.lang.String searchfordn(java.lang.String searchFilter,
                                    java.lang.String username)
Search for the userDN using the provided searchFilter and username. If an anonymous bind to the LDAP server cannot fully search LDAP with the provided search filter, ensure you have provided an account that can perform the search, using setBindDN(java.lang.String) and setBindPassword(java.lang.String) or by setting the equivalent properties in the property file.

Parameters:
searchFilter -
username -