gemfire-core/src/test/java/templates/security/LdapUserAuthenticator.java

/*=========================================================================
* This implementation is provided on an "AS IS" BASIS,  WITHOUT WARRANTIES
* OR CONDITIONS OF ANY KIND, either express or implied."
*==========================================================================
*/

package templates.security;

import com.gemstone.gemfire.LogWriter;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.Authenticator;

import java.security.Principal;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * @author Kumar Neeraj
 * @since 5.5
 */
public class LdapUserAuthenticator implements Authenticator {

  private String ldapServer = null;

  private String basedn = null;

  private String ldapUrlScheme = null;

  public static final String LDAP_SERVER_NAME = "security-ldap-server";

  public static final String LDAP_BASEDN_NAME = "security-ldap-basedn";

  public static final String LDAP_SSL_NAME = "security-ldap-usessl";

  public static Authenticator create() {
    return new LdapUserAuthenticator();
  }

  public LdapUserAuthenticator() {
  }

  public void init(Properties securityProps, LogWriter systemLogger,
      LogWriter securityLogger) throws AuthenticationFailedException {
    this.ldapServer = securityProps.getProperty(LDAP_SERVER_NAME);
    if (this.ldapServer == null || this.ldapServer.length() == 0) {
      throw new AuthenticationFailedException(
          "LdapUserAuthenticator: LDAP server property [" + LDAP_SERVER_NAME
              + "] not specified");
    }
    this.basedn = securityProps.getProperty(LDAP_BASEDN_NAME);
    if (this.basedn == null || this.basedn.length() == 0) {
      throw new AuthenticationFailedException(
          "LdapUserAuthenticator: LDAP base DN property [" + LDAP_BASEDN_NAME
              + "] not specified");
    }
    String sslStr = securityProps.getProperty(LDAP_SSL_NAME);
    if (sslStr != null && sslStr.toLowerCase().equals("true")) {
      this.ldapUrlScheme = "ldaps://";
    }
    else {
      this.ldapUrlScheme = "ldap://";
    }
  }

  public Principal authenticate(Properties props, DistributedMember member) {

    String userName = props.getProperty(UserPasswordAuthInit.USER_NAME);
    if (userName == null) {
      throw new AuthenticationFailedException(
          "LdapUserAuthenticator: user name property ["
              + UserPasswordAuthInit.USER_NAME + "] not provided");
    }
    String passwd = props.getProperty(UserPasswordAuthInit.PASSWORD);
    if (passwd == null) {
      passwd = "";
    }

    Properties env = new Properties();
    env
        .put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, this.ldapUrlScheme + this.ldapServer + '/'
        + this.basedn);
    String fullentry = "uid=" + userName + "," + this.basedn;
    env.put(Context.SECURITY_PRINCIPAL, fullentry);
    env.put(Context.SECURITY_CREDENTIALS, passwd);
    try {
      DirContext ctx = new InitialDirContext(env);
      ctx.close();
    }
    catch (Exception e) {
      //TODO:hitesh need to add getCause message
      throw new AuthenticationFailedException(
          "LdapUserAuthenticator: Failure with provided username, password "
              + "combination for user name: " + userName);
    }
    return new UsernamePrincipal(userName);
  }

  public void close() {
  }

}