/*
* @author Kemi *
*
* Creation/Modification History :
*
* 10-May-2006 created
*
*/
package com.daphne.security.ldap;
import com.daphne.security.ldap.LdapParameters;
import java.util.Hashtable;
import java.util.logging.Logger;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
/**
* This class manages all Directory operations.
*/
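public class DirectoryManager {

    /**
     * Shared service-bound directory context, created lazily by
     * {@link #ensureServiceContext()} and reused by every lookup.
     * Thread-safety: this static field and the underlying {@code DirContext}
     * are not synchronized; callers that use this class from several threads
     * must serialize access themselves.
     */
    private static DirContext dirctx = null;

    private static final Logger logger =
        Logger.getLogger(DirectoryManager.class.getName());

    /** RDN prefix of the service account; the root context is appended to it. */
    private static final String dir = "cn=orcladmin,cn=users,";

    /**
     * Password of the service account used for lookups.
     * A credential embedded in source is readable by anyone holding the
     * binary or the repository; it belongs in protected configuration
     * (e.g. next to the other values in {@code LdapParameters}). It is kept
     * here only so that existing deployments keep working.
     */
    private static final String SERVICE_PASSWORD = "123qweasd";

    /**
     * Filter templates. The {@code {0}} placeholder is substituted by JNDI's
     * {@code search(..., filterArgs, ...)} overload, which escapes the
     * filter metacharacters ('*', '(', ')', '\\', NUL) in the argument. Building
     * the filter by string concatenation instead lets a crafted user or group
     * name change the meaning of the query (LDAP filter injection).
     */
    private static final String MEMBER_FILTER = "(uniqueMember={0})";
    private static final String GROUP_FILTER = "(cn={0})";

    /**
     * Empty default Constructor.
     */
    public DirectoryManager() {
    }

    /**
     * Checks if the specified uname is a member of the specified group.
     * A user is a member of a group if the {@code uniqueMember} attribute of
     * that group entry holds the user's DN.
     *
     * @param uname Relative Distinguished name of the user
     * @param groupname Distingushed name of the group
     * @return true - if the user belongs to the group, else false (also false
     *         when either the user or the group cannot be found)
     * @exception NamingException if any directory operation fails
     */
    public static boolean isUserInGroup(String uname,
                                        String groupname) throws NamingException {
        String userDN = getUserDN(uname);
        String groupDN = getGroupDN(groupname);
        if (userDN == null || groupDN == null) {
            return false;
        }
        DirContext ctx = ensureServiceContext();
        // Search under the group entry; the user DN goes in as a filter argument
        // so that the directory provider escapes it.
        NamingEnumeration<SearchResult> results =
            ctx.search(groupDN, MEMBER_FILTER, new Object[] {userDN}, subtreeScope());
        try {
            // Any hit means the group lists the user's DN.
            return results.hasMore();
        } finally {
            results.close();
        }
    }

    /**
     * Authenticates the user credentials with Directory by binding as the
     * user's DN with the supplied password.
     *
     * <p>The bind context is closed again immediately; it is never installed as
     * the shared lookup context, so later lookups keep running under the
     * service account rather than under whichever user last logged in.
     *
     * @param username User Name of the user
     * @param passwd Password of the user
     * @return true - if the credentials are valid; false for an unknown user,
     *         a wrong password, or a null/empty password
     *
     * @exception AuthenticationException If credentials are invalid
     * @exception NamingException if any directory operation fails
     */
    public static boolean authenticateUser(String username,
                                           String passwd) throws AuthenticationException,
                                                                 NamingException {
        // getDirectoryContext() binds anonymously for a null password, and an
        // empty password may be accepted by the server as an "unauthenticated"
        // simple bind (RFC 4513 section 5.1.2). Neither proves the user's
        // identity, so both are rejected before any bind is attempted.
        if (passwd == null || passwd.length() == 0) {
            logger.severe("Invalid Password ");
            return false;
        }
        String dn = getUserDN(username);
        if (dn == null) {
            return false;
        }
        DirContext userCtx = null;
        try {
            // Authenticate with Directory: a successful bind means the password is valid.
            userCtx = getDirectoryContext(dn, passwd);
            return true;
        } catch (AuthenticationException authEx) {
            // Log only the outcome; never the supplied password.
            logger.severe("Invalid Password ");
            return false;
        } finally {
            if (userCtx != null) {
                try {
                    userCtx.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup of a context that is no longer needed.
                }
            }
        }
    }

    /**
     * Retrieves the Distinguished name of the user with the specified RDN
     * value, searching under the user context with a
     * {@code (<RDN attribute>=<uname>)} filter.
     *
     * @param uname Relative Distinguished name value (the attribute name comes
     *              from {@code LdapParameters.RDN})
     * @return Distinguished name of the user, or null if no entry matches
     * @exception NamingException if directory operation fails
     */
    public static String getUserDN(String uname) throws NamingException {
        if (uname == null) {
            logger.severe("Invalid Username ");
            return null;
        }
        // LdapParameters.RDN is an attribute name from configuration, not user
        // input; only the value is passed through the escaped filter argument.
        String filter = "(" + LdapParameters.RDN + "={0})";
        String userDN = lookupEntryDN(LdapParameters.getUserContext(), filter, uname);
        if (userDN == null) {
            logger.severe("Invalid Username ");
        }
        return userDN;
    }

    /**
     * Retrieves the Distinguished name of the group whose {@code cn} equals
     * the specified name, searching under the group context.
     *
     * @param groupname common name of the group
     * @return Distinguished name of the group, or null if no entry matches
     * @exception NamingException if directory operation fails
     */
    public static String getGroupDN(String groupname) throws NamingException {
        if (groupname == null) {
            logger.severe("Invalid Groupname ");
            return null;
        }
        String groupDN = lookupEntryDN(LdapParameters.getGroupContext(), GROUP_FILTER, groupname);
        if (groupDN == null) {
            logger.severe("Invalid Groupname ");
        }
        return groupDN;
    }

    /**
     * Initializes a Directory Context with the specified credentials and return it.
     * If the password is blank(null), it binds as anonymous user and returns the
     * context.
     *
     * <p>The URL is built with the plain {@code ldap://} scheme, so a simple
     * bind sends the password unencrypted on the wire; the server/configuration
     * side should provide LDAPS or StartTLS for production use.
     *
     * @param username Directory user name
     * @param password Directory user password
     * @return valid directory context, if credentials are valid
     * @exception AuthenticationException if credentails are invalid
     * @exception NamingException if directory operation fails
     */
    public static DirContext getDirectoryContext(String username,
                                                 String password) throws AuthenticationException,
                                                                         NamingException {
        // Build the LDAP url
        String ldapurl =
            "ldap://" + LdapParameters.dirHostName + ":" + LdapParameters.dirPort;
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapurl);
        // if password is specified, set the credentials; otherwise the bind is anonymous
        if (password != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, username);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        // Bind and initialize the Directory context
        return new InitialDirContext(env);
    }

    /**
     * Returns the shared service-bound context, creating it on first use.
     *
     * @return the service context (never null)
     * @exception NamingException if the service bind fails
     */
    private static DirContext ensureServiceContext() throws NamingException {
        if (dirctx == null) {
            dirctx = getDirectoryContext(dir + LdapParameters.getRootContext(), SERVICE_PASSWORD);
        }
        return dirctx;
    }

    /**
     * Searches {@code base} (subtree scope) with {@code filterTemplate}, whose
     * single {@code {0}} placeholder is bound to {@code value}, and returns the
     * DN of the first match.
     *
     * @param base context name to search under
     * @param filterTemplate JNDI filter expression with a {@code {0}} placeholder
     * @param value the value substituted (and escaped) for {@code {0}}
     * @return the entry's relative name joined to {@code base}, or null if nothing matched
     * @exception NamingException if the search fails
     */
    private static String lookupEntryDN(String base, String filterTemplate, String value)
            throws NamingException {
        DirContext ctx = ensureServiceContext();
        NamingEnumeration<SearchResult> results =
            ctx.search(base, filterTemplate, new Object[] {value}, subtreeScope());
        try {
            if (!results.hasMore()) {
                return null;
            }
            SearchResult match = results.next();
            // NOTE(review): getName() is relative to the search base and may be
            // quoted as a composite name; getNameInNamespace() would yield the
            // full DN directly. Kept as a concatenation to match existing callers.
            return match.getName() + "," + base;
        } finally {
            results.close();
        }
    }

    /**
     * Builds search controls for a subtree-scoped search.
     *
     * @return fresh controls with {@code SUBTREE_SCOPE} set
     */
    private static SearchControls subtreeScope() {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return controls;
    }
}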