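package org.apache.activemq.jaas.ldap;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.kerberos.protocol.KerberosProtocolProvider;
import org.apache.kerberos.sam.SamSubsystem;
import org.apache.kerberos.service.KdcConfiguration;
import org.apache.kerberos.store.JndiPrincipalStoreImpl;
import org.apache.kerberos.store.PrincipalStore;
import org.apache.ldap.common.exception.LdapConfigurationException;
import org.apache.ldap.common.name.LdapName;
import org.apache.ldap.common.util.NamespaceTools;
import org.apache.ldap.common.util.PropertiesUtils;
import org.apache.ldap.server.jndi.ContextFactoryService;
import org.apache.ldap.server.jndi.CoreContextFactory;
import org.apache.ldap.server.protocol.LdapProtocolProvider;
import org.apache.mina.common.TransportType;
import org.apache.mina.registry.Service;
import org.apache.mina.registry.ServiceRegistry;

/**
 * Context factory that, once the core directory service is up, binds the LDAP
 * protocol (and, when enabled, the Kerberos KDC) to the MINA service registry
 * supplied by the startup configuration, and unbinds them again on shutdown.
 *
 * NOTE(review): the registry and both service handles are static, so they are
 * shared by every instance of this factory in the JVM; a second startup would
 * overwrite the handles of the first. Left as-is here.
 */
public class ServerContextFactory extends CoreContextFactory {
    private static final Log log = LogFactory.getLog(ServerContextFactory.class);
    private static Service ldapService;
    private static Service kerberosService;
    private static ServiceRegistry minaRegistry;

    /**
     * Registry the protocol services are bound to.
     *
     * @return the registry captured in afterStartup, or null if networking was never enabled
     */
    protected ServiceRegistry getMinaRegistry() {
        return minaRegistry;
    }

    /**
     * Unbinds whichever services afterStartup bound and clears their handles.
     * Safe to call when networking was never enabled (registry still null).
     *
     * @param service the context factory service being shut down (unused)
     */
    public void afterShutdown(ContextFactoryService service) {
        if (minaRegistry == null) {
            return;
        }

        if (ldapService != null) {
            minaRegistry.unbind(ldapService);
            if (log.isInfoEnabled()) {
                log.info("Unbind of LDAP Service complete: " + ldapService);
            }
            ldapService = null;
        }

        if (kerberosService != null) {
            minaRegistry.unbind(kerberosService);
            if (log.isInfoEnabled()) {
                log.info("Unbind of KRB5 Service complete: " + kerberosService);
            }
            kerberosService = null;
        }
    }

    /**
     * Starts the network listeners. Nothing is bound unless networking is
     * enabled; the KDC additionally needs its own flag. LDAP is bound first,
     * so an LDAP bind failure aborts startup before any KDC is exposed.
     *
     * @param service the started context factory service (source of config and environment)
     * @throws NamingException if the LDAP service cannot be bound, or the realm
     *         base context needed by the KDC cannot be opened
     */
    public void afterStartup(ContextFactoryService service) throws NamingException {
        ServerStartupConfiguration cfg =
            (ServerStartupConfiguration) service.getConfiguration().getStartupConfiguration();
        Hashtable env = service.getConfiguration().getEnvironment();

        if (!cfg.isEnableNetworking()) {
            return;
        }

        setupRegistry(cfg);
        startLdapProtocol(cfg, env);

        if (cfg.isEnableKerberos()) {
            startKerberosProtocol(env);
        }
    }

    /** Captures the registry that later bind/unbind calls go through. */
    private void setupRegistry(ServerStartupConfiguration cfg) {
        minaRegistry = cfg.getMinaServiceRegistry();
    }

    /**
     * Binds a Kerberos KDC (UDP) backed by the "ou=Users" subtree of the primary
     * realm's base context.
     *
     * A bind failure is logged and NOT rethrown, unlike the LDAP bind: the
     * directory keeps serving LDAP with no KDC. Callers that require Kerberos
     * must not infer from a clean return that the KDC is listening.
     *
     * @param env JNDI environment of the service; its String entries configure the KDC
     * @throws NamingException if the realm base context cannot be opened
     */
    private void startKerberosProtocol(Hashtable env) throws NamingException {
        KdcConfiguration config = new KdcConfiguration(stringEntries(env));
        int port = PropertiesUtils.get(env, KdcConfiguration.KERBEROS_PORT_KEY, KdcConfiguration.DEFAULT_KERBEROS_PORT);

        // NOTE(review): bound to the wildcard address, whereas the LDAP listener
        // honours cfg.getHost(). A deployment that pins LDAP to one interface still
        // gets the KDC on all of them; pass the configured host in here if that is
        // not intended.
        Service service = new Service("kerberos", TransportType.DATAGRAM, new InetSocketAddress(port));

        LdapContext ctx = getBaseRealmContext(config, env);
        PrincipalStore store = new JndiPrincipalStoreImpl(ctx, new LdapName("ou=Users"));
        SamSubsystem.getInstance().setUserContext((DirContext) ctx, "ou=Users");

        try {
            minaRegistry.bind(service, new KerberosProtocolProvider(config, store));
            kerberosService = service;
            if (log.isInfoEnabled()) {
                log.info("Successful bind of KRB5 Service completed: " + kerberosService);
            }
        }
        catch (IOException e) {
            // Report the port actually requested; the old message always printed
            // the default, which hid a misconfigured KERBEROS_PORT_KEY.
            log.error("Could not start the kerberos service on port " + port, e);
        }
    }

    /**
     * Copies the entries of env whose key and value are both Strings into a
     * Properties object; KdcConfiguration only consumes string settings.
     * Non-String keys are skipped instead of failing with a ClassCastException.
     *
     * @param env JNDI environment to filter
     * @return a new Properties holding only the String/String entries
     */
    private static Properties stringEntries(Hashtable env) {
        Properties props = new Properties();
        Iterator keys = env.keySet().iterator();
        while (keys.hasNext()) {
            Object key = keys.next();
            if (!(key instanceof String)) {
                continue;
            }
            Object value = env.get(key);
            if (value instanceof String) {
                props.setProperty((String) key, (String) value);
            }
        }
        return props;
    }

    /**
     * Opens an LdapContext rooted at the DN inferred from the KDC's primary
     * realm, using a copy of the service environment with only PROVIDER_URL
     * replaced. Every other entry of env — including any SECURITY_PRINCIPAL /
     * SECURITY_CREDENTIALS it carries — is passed through unchanged, so the
     * principal store runs under the same identity as the service itself
     * (presumably an administrative one; confirm against the caller's config).
     * The returned context is retained by the principal store and SAM subsystem
     * for the life of the service and is not closed here.
     *
     * @param config KDC configuration providing the primary realm
     * @param env    JNDI environment to clone
     * @return a context bound at the realm's base DN
     * @throws NamingException if the context cannot be created
     */
    private LdapContext getBaseRealmContext(KdcConfiguration config, Hashtable env) throws NamingException {
        Hashtable realmEnv = (Hashtable) env.clone();
        String baseDn = NamespaceTools.inferLdapName(config.getPrimaryRealm());
        realmEnv.put(Context.PROVIDER_URL, baseDn);

        if (log.isInfoEnabled()) {
            log.info("Getting initial context for realm base at " + baseDn + " for " + config.getPrimaryRealm());
        }

        return new InitialLdapContext(realmEnv, new Control[]{});
    }

    /**
     * Binds the LDAP protocol (TCP) on the configured host and port. Unlike the
     * KDC, a bind failure here is fatal: it is wrapped in an
     * LdapConfigurationException (root cause preserved) and propagated.
     *
     * @param cfg startup configuration supplying host and port
     * @param env JNDI environment; a clone is handed to the protocol provider, so
     *            any credentials in env travel with it
     * @throws NamingException if the service cannot be bound to the registry
     */
    private void startLdapProtocol(ServerStartupConfiguration cfg, Hashtable env) throws NamingException {
        int port = cfg.getLdapPort();
        InetAddress host = cfg.getHost();
        Service service = new Service("ldap", TransportType.SOCKET, new InetSocketAddress(host, port));

        try {
            minaRegistry.bind(service, new LdapProtocolProvider((Hashtable) env.clone()));
            ldapService = service;
            if (log.isInfoEnabled()) {
                log.info("Successful bind of LDAP Service completed: " + ldapService);
            }
        }
        catch (IOException e) {
            String msg = "Failed to bind the LDAP protocol service to the service registry: " + service;
            LdapConfigurationException lce = new LdapConfigurationException(msg);
            lce.setRootCause(e);
            log.error(msg, e);
            throw lce;
        }
    }
}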