KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jivesoftware > messenger > ldap > LdapAuthProvider


1 /**
2  * $RCSfile: LdapAuthProvider.java,v $
3  * $Revision: 1.8 $
4  * $Date: 2005/04/11 21:04:01 $
5  *
6  * Copyright (C) 2004 Jive Software. All rights reserved.
7  *
8  * This software is published under the terms of the GNU Public License (GPL),
9  * a copy of which is included in this distribution.
10  */
11
12 package org.jivesoftware.messenger.ldap;
13
14 import org.jivesoftware.messenger.auth.AuthProvider;
15 import org.jivesoftware.messenger.auth.UnauthorizedException;
16 import org.jivesoftware.util.Cache;
17 import org.jivesoftware.util.JiveConstants;
18 import org.jivesoftware.util.JiveGlobals;
19 import org.jivesoftware.util.StringUtils;
20
21 /**
22  * Implementation of auth provider interface for LDAP authentication service plug-in.
23  * Only plaintext authentication is currently supported.<p>
24  *
25  * Optionally, an authentication cache can be enabled. When enabled, a hashed version
26  * of the user's password is cached for a variable length of time (2 hours by default).
27  * This can decrease load on the directory and preserve some level of service even
28  * when the directory becomes unavailable for a period of time.<ul>
29  *
30  * <li><tt>ldap.authCache.enabled</tt> -- true to enable the auth cache.</li>
31  * <li><tt>ldap.authCache.size</tt> -- size in bytes of the auth cache. If property is
32  * not set, the default value is 524288 (512 K).
33  * <li><tt>ldap.authCache.maxLifetime</tt> -- maximum amount of time a hashed password
34  * can be cached in milleseconds. If property is not set, the default value is
35  * 7200000 (2 hours).
36  * </tt>
37  *
38  * @author Matt Tucker
39  */
40 public class LdapAuthProvider implements AuthProvider {
41
42     private LdapManager manager;
43     private Cache authCache = null;
44
45     public LdapAuthProvider() {
46         manager = LdapManager.getInstance();
47         if (Boolean.valueOf(JiveGlobals.getXMLProperty("ldap.authCache.enabled")).booleanValue()) {
48             int maxSize = JiveGlobals.getXMLProperty("ldap.authCache.size", 512*1024);
49             long maxLifetime = (long)JiveGlobals.getXMLProperty("ldap.authCache.maxLifetime",
50                     (int)JiveConstants.HOUR * 2);
51             authCache = new Cache("LDAP Auth Cache", maxSize, maxLifetime);
52         }
53     }
54
55     public boolean isPlainSupported() {
56         return true;
57     }
58
59     public boolean isDigestSupported() {
60         return false;
61     }
62
63     public void authenticate(String JavaDoc username, String JavaDoc password) throws UnauthorizedException {
64         if (username == null || password == null || "".equals(password.trim())) {
65             throw new UnauthorizedException();
66         }
67
68         // If cache is enabled, see if the auth is in cache.
69 if (authCache != null && authCache.containsKey(username)) {
70             String JavaDoc hash = (String JavaDoc)authCache.get(username);
71             if (StringUtils.hash(password).equals(hash)) {
72                 return;
73             }
74         }
75
76         String JavaDoc userDN = null;
77         try {
78             // The username by itself won't help us much with LDAP since we
79 // need a fully qualified dn. We could make the assumption that
80 // the baseDN would always be the location of user profiles. For
81 // example if the baseDN was set to "ou=People, o=jivesoftare, o=com"
82 // then we would be able to directly load users from that node
83 // of the LDAP tree. However, it's a poor assumption that only a
84 // flat structure will be used. Therefore, we search all subtrees
85 // of the baseDN for the username. So, if the baseDN is set to
86 // "o=jivesoftware, o=com" then a search will include the "People"
87 // node as well all the others under the base.
88 userDN = manager.findUserDN(username);
89
90             // See if the user authenticates.
91 if (!manager.checkAuthentication(userDN, password)) {
92                 throw new UnauthorizedException("Username and password don't match");
93             }
94         }
95         catch (Exception JavaDoc e) {
96             throw new UnauthorizedException(e);
97         }
98
99         // If cache is enabled, add the item to cache.
100 if (authCache != null) {
101             authCache.put(username, StringUtils.hash(password));
102         }
103     }
104
105     public void authenticate(String JavaDoc username, String JavaDoc token, String JavaDoc digest) throws UnsupportedOperationException JavaDoc {
106         throw new UnsupportedOperationException JavaDoc("Digest authentication not currently supported.");
107     }
108
109     public void updatePassword(String JavaDoc username, String JavaDoc password) throws UnsupportedOperationException JavaDoc {
110         throw new UnsupportedOperationException JavaDoc("Cannot update password in LDAP");
111     }
112 }
Popular Tags