20 package org.apache.directory.server.core.authn;
import java.net.SocketAddress;

import javax.net.ssl.TrustManager;

import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.util.Strings;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.i18n.I18n;
import org.apache.mina.core.session.IoSession;
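/**
 * An authenticator that delegates simple binds to another LDAP server: for a bind DN located
 * under the configured base DN, the same DN and credentials are replayed against
 * {@code delegateHost:delegatePort}, optionally over LDAPS or StartTLS, and the local bind
 * succeeds only if the delegate accepts it. DNs outside the base DN are not handled here.
 * <p>
 * The delegate's certificate is validated by the {@link TrustManager} named through
 * {@link #setDelegateSslTrustManagerFQCN(String)} / {@link #setDelegateTlsTrustManagerFQCN(String)}.
 * When no class is configured, a {@link NoVerificationTrustManager} is installed and the
 * transport to the delegate is encrypted but not authenticated.
 */
public class DelegatingAuthenticator extends AbstractAuthenticator
{
    /** Evaluated once at class load so the debug branches cost a single boolean test. */
    private static final boolean IS_DEBUG = LOG.isDebugEnabled();

    /** Host name of the LDAP server the bind is delegated to. */
    private String delegateHost;

    /** TCP port of the delegate server. */
    private int delegatePort;

    /** Whether to talk LDAPS (SSL from the first byte) to the delegate. */
    private boolean delegateSsl;

    /** Whether to upgrade a plain connection with StartTLS; takes precedence over {@link #delegateSsl}. */
    private boolean delegateTls;

    /** FQCN of the {@link TrustManager} validating the delegate's certificate over LDAPS (may be null). */
    private String delegateSslTrustManagerFQCN;

    /** FQCN of the {@link TrustManager} validating the delegate's certificate after StartTLS (may be null). */
    private String delegateTlsTrustManagerFQCN;


    /**
     * Creates a simple-bind delegating authenticator without a base DN; until one is set,
     * {@link #authenticate(BindOperationContext)} handles no bind at all.
     */
    public DelegatingAuthenticator()
    {
        super( AuthenticationLevel.SIMPLE );
    }


    /**
     * Creates a simple-bind delegating authenticator for the DNs under {@code baseDn}.
     *
     * @param baseDn the subtree whose binds are delegated
     */
    public DelegatingAuthenticator( Dn baseDn )
    {
        super( AuthenticationLevel.SIMPLE, baseDn );
    }


    /**
     * Creates a delegating authenticator for another authentication level.
     *
     * @param type the authentication level this authenticator answers for
     * @param baseDn the subtree whose binds are delegated
     */
    protected DelegatingAuthenticator( AuthenticationLevel type, Dn baseDn )
    {
        super( type, baseDn );
    }


    /**
     * @return the delegate server host name
     */
    public String getDelegateHost()
    {
        return delegateHost;
    }


    /**
     * @param delegateHost the delegate server host name
     */
    public void setDelegateHost( String delegateHost )
    {
        this.delegateHost = delegateHost;
    }


    /**
     * @return the delegate server port
     */
    public int getDelegatePort()
    {
        return delegatePort;
    }


    /**
     * @param delegatePort the delegate server port
     */
    public void setDelegatePort( int delegatePort )
    {
        this.delegatePort = delegatePort;
    }


    /**
     * @return true if the delegate is contacted over LDAPS
     */
    public boolean isDelegateSsl()
    {
        return delegateSsl;
    }


    /**
     * @param delegateSsl true to contact the delegate over LDAPS
     */
    public void setDelegateSsl( boolean delegateSsl )
    {
        this.delegateSsl = delegateSsl;
    }


    /**
     * @return the base DN as a string, or null when no base DN is configured
     */
    public String getDelegateBaseDn()
    {
        // The no-arg constructor leaves the base DN unset; don't NPE on a plain getter.
        Dn baseDn = getBaseDn();

        return ( baseDn == null ) ? null : baseDn.toString();
    }


    /**
     * @return true if the connection to the delegate is upgraded with StartTLS
     */
    public boolean isDelegateTls()
    {
        return delegateTls;
    }


    /**
     * @param delegateTls true to upgrade the connection to the delegate with StartTLS
     */
    public void setDelegateTls( boolean delegateTls )
    {
        this.delegateTls = delegateTls;
    }


    /**
     * @return the FQCN of the trust manager used over LDAPS, or null
     */
    public String getDelegateSslTrustManagerFQCN()
    {
        return delegateSslTrustManagerFQCN;
    }


    /**
     * @param delegateSslTrustManagerFQCN FQCN of a {@link TrustManager} with a public no-arg
     *        constructor, used to validate the delegate's certificate over LDAPS; null or blank
     *        keeps the non-verifying default
     */
    public void setDelegateSslTrustManagerFQCN( String delegateSslTrustManagerFQCN )
    {
        this.delegateSslTrustManagerFQCN = delegateSslTrustManagerFQCN;
    }


    /**
     * @return the FQCN of the trust manager used after StartTLS, or null
     */
    public String getDelegateTlsTrustManagerFQCN()
    {
        return delegateTlsTrustManagerFQCN;
    }


    /**
     * @param delegateTlsTrustManagerFQCN FQCN of a {@link TrustManager} with a public no-arg
     *        constructor, used to validate the delegate's certificate after StartTLS; null or
     *        blank keeps the non-verifying default
     */
    public void setDelegateTlsTrustManagerFQCN( String delegateTlsTrustManagerFQCN )
    {
        this.delegateTlsTrustManagerFQCN = delegateTlsTrustManagerFQCN;
    }


    /**
     * Replays the bind against the delegate server and, if it succeeds, returns a principal
     * built from the bind DN and the supplied credentials.
     *
     * @param bindContext the bind being processed
     * @return the authenticated principal, or null when the bind DN is not under the base DN
     *         (the next authenticator in the chain is then tried)
     * @throws LdapAuthenticationException when the delegate rejects the bind or the exchange
     *         with the delegate fails after the connection was established
     * @throws LdapException when the delegate cannot be reached or the trust manager cannot
     *         be instantiated
     */
    @Override
    public LdapPrincipal authenticate( BindOperationContext bindContext ) throws LdapException
    {
        Dn bindDn = bindContext.getDn();

        if ( IS_DEBUG )
        {
            LOG.debug( "Authenticating {}", bindDn );
        }

        // Only DNs below the configured base are delegated; anything else is left to the
        // other authenticators (null means "not handled here", not "rejected").
        if ( ( getBaseDn() == null ) || !bindDn.isDescendantOf( getBaseDn() ) )
        {
            return null;
        }

        // Created before the try so the finally can always close it, including when
        // connect()/startTls() fail (those failures were previously leaked unclosed).
        LdapNetworkConnection ldapConnection = new LdapNetworkConnection( buildConnectionConfig() );

        try
        {
            // Connection-level failures propagate as plain LdapException, not as an
            // authentication failure: the client did not get its credentials checked.
            openDelegateConnection( ldapConnection );

            try
            {
                // The credentials are forwarded verbatim; delegation is only as safe as the
                // transport to the delegate (see buildConnectionConfig).
                ldapConnection.bind( bindDn, Strings.utf8ToString( bindContext.getCredentials() ) );

                // Reached only when the delegate accepted the bind, so the success log is
                // accurate (it used to be emitted from a finally, i.e. after failures too).
                ldapConnection.unBind();

                if ( IS_DEBUG )
                {
                    LOG.debug( "Authenticated successfully {}", bindDn );
                }

                LdapPrincipal principal = new LdapPrincipal( getDirectoryService().getSchemaManager(), bindDn,
                    AuthenticationLevel.SIMPLE, bindContext.getCredentials() );

                IoSession session = bindContext.getIoSession();

                if ( session != null )
                {
                    SocketAddress clientAddress = session.getRemoteAddress();
                    principal.setClientAddress( clientAddress );
                    SocketAddress serverAddress = session.getServiceAddress();
                    principal.setServerAddress( serverAddress );
                }

                return principal;
            }
            catch ( LdapException le )
            {
                // Everything past the connect is reported to the client as invalid credentials,
                // so a rejected password and a broken exchange are indistinguishable to it;
                // the real reason is kept at debug level for the operator.
                String message = I18n.err( I18n.ERR_230, bindDn.getName() );
                LOG.info( message );
                LOG.debug( "Delegated bind failed for {}", bindDn.getName(), le );
                throw new LdapAuthenticationException( message );
            }
        }
        finally
        {
            ldapConnection.close();
        }
    }


    /**
     * Builds the connection settings for the delegate from the configured host, port and
     * transport options. StartTLS wins over LDAPS when both are enabled; with neither, the
     * bind (and therefore the password) travels to the delegate in clear text.
     *
     * @return the connection configuration
     * @throws LdapException when a configured trust manager cannot be instantiated
     */
    private LdapConnectionConfig buildConnectionConfig() throws LdapException
    {
        LdapConnectionConfig connectionConfig = new LdapConnectionConfig();
        connectionConfig.setLdapHost( delegateHost );
        connectionConfig.setLdapPort( delegatePort );

        if ( delegateTls )
        {
            connectionConfig.setTrustManagers( createTrustManager( delegateTlsTrustManagerFQCN ) );
        }
        else if ( delegateSsl )
        {
            connectionConfig.setUseSsl( true );
            connectionConfig.setTrustManagers( createTrustManager( delegateSslTrustManagerFQCN ) );
        }

        return connectionConfig;
    }


    /**
     * Connects to the delegate and, when StartTLS is configured, upgrades the session before
     * any credential is sent.
     *
     * @param ldapConnection the connection to open
     * @throws LdapException when the connection or the StartTLS upgrade fails
     */
    private void openDelegateConnection( LdapNetworkConnection ldapConnection ) throws LdapException
    {
        // connect() is declared to return a boolean, so treat false as a failure as well.
        if ( !ldapConnection.connect() )
        {
            throw new LdapException( "Cannot connect to the delegate server " + delegateHost + ":" + delegatePort );
        }

        if ( delegateTls )
        {
            ldapConnection.startTls();
        }

        // NOTE(review): 0 appears to disable the client-side timeout, so a stalled delegate can
        // hold this bind thread indefinitely. Kept for compatibility; a bounded value is safer.
        ldapConnection.setTimeOut( 0L );
    }


    /**
     * Instantiates the configured {@link TrustManager}, falling back to the historical
     * {@link NoVerificationTrustManager} when no class name is configured.
     *
     * @param trustManagerFqcn fully qualified class name with a public no-arg constructor, or null/blank
     * @return the trust manager to install on the delegate connection
     * @throws LdapException when the class cannot be loaded or instantiated, or is not a TrustManager
     */
    private static TrustManager createTrustManager( String trustManagerFqcn ) throws LdapException
    {
        if ( ( trustManagerFqcn == null ) || trustManagerFqcn.trim().isEmpty() )
        {
            // No verifying trust manager configured: the delegate's certificate is NOT checked,
            // so a host on the path to the delegate could impersonate it and receive the
            // forwarded credentials. The default is kept only for backward compatibility.
            return new NoVerificationTrustManager();
        }

        try
        {
            // The class name comes from the server configuration, never from the bind request.
            Object instance = Class.forName( trustManagerFqcn ).getDeclaredConstructor().newInstance();

            if ( !( instance instanceof TrustManager ) )
            {
                throw new LdapException( trustManagerFqcn + " is not a javax.net.ssl.TrustManager" );
            }

            return ( TrustManager ) instance;
        }
        catch ( ReflectiveOperationException e )
        {
            throw new LdapException( "Cannot instantiate trust manager " + trustManagerFqcn, e );
        }
    }


    /**
     * No-op: the password lives on the delegate server, which applies its own policy; nothing
     * about it is known locally.
     *
     * @param userEntry ignored
     */
    @Override
    public void checkPwdPolicy( Entry userEntry ) throws LdapException
    {
    }


    /**
     * No-op: this authenticator keeps no per-DN cache, every bind is replayed to the delegate.
     *
     * @param bindDn ignored
     */
    @Override
    public void invalidateCache( Dn bindDn )
    {
    }
}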