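// ---- LdapFastBindConnectionControl.java ----
package org.apache.juddi.v3.auth;

import javax.naming.ldap.Control;

/**
 * LDAP connection control carrying the "fast bind" OID {@code 1.2.840.113556.1.4.1781}.
 *
 * <p>The control has no value ({@link #getEncodedValue()} returns {@code null}) and is marked
 * critical, so under normal LDAP control semantics a server that does not recognise it should
 * refuse the request rather than silently ignore the control.
 */
public class LdapFastBindConnectionControl implements Control {

    private static final long serialVersionUID = 7847083714026112317L;

    /** OID of the fast-bind connection control; the control carries no value. */
    private static final String FAST_BIND_OID = "1.2.840.113556.1.4.1781";

    /** @return {@code null}: this control has no encoded value */
    @Override
    public byte[] getEncodedValue() {
        return null;
    }

    /** @return the fast-bind control OID */
    @Override
    public String getID() {
        return FAST_BIND_OID;
    }

    /** @return {@code true}: the control is critical */
    @Override
    public boolean isCritical() {
        return true;
    }
}

// ---- LdapFastBindAuthenticator.java ----
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.persistence.EntityManager;
import javax.persistence.EntityTransaction;

import org.apache.juddi.config.PersistenceManager;
import org.apache.juddi.model.Publisher;
import org.apache.juddi.model.UddiEntityPublisher;
import org.apache.juddi.v3.error.AuthenticationException;
import org.apache.juddi.v3.error.ErrorMessage;
import org.apache.juddi.v3.error.FatalErrorException;
import org.apache.juddi.v3.error.UnknownUserException;
import org.apache.log4j.Logger;

/**
 * {@link Authenticator} that checks a publisher's credentials with an LDAP simple bind on a
 * connection opened with {@link LdapFastBindConnectionControl}, then requires that a directory
 * search returns {@link #REQUIRED_GROUP_DN} before the publisher is looked up in (or added to)
 * the jUDDI publisher table.
 *
 * <p>Each {@link #authenticate(String, String)} call opens and closes its own context. The
 * original implementation reused one context created in the constructor and closed it in
 * {@code authenticate}, which left the authenticator unusable after the first call.
 */
public class LdapFastBindAuthenticator implements Authenticator {

    private static final Logger log = Logger.getLogger(LdapFastBindAuthenticator.class);

    // Example values carried over from the original code; adapt them to the deployment.
    // NOTE(review): the filter is fixed and does not reference the user who just bound, so every
    // caller is checked against the same directory entry — confirm that is intended. If
    // authorizedName is ever substituted into the filter, escape it (RFC 4515) first.
    private static final String SEARCH_BASE = "DC=domain,DC=com";
    private static final String SEARCH_FILTER =
            "(&(objectClass=user)(mail=user@mydomain.com)(department=foo))";
    private static final String REQUIRED_GROUP_DN = "CN=Foo,OU=Bar,OU=Bleh,OU=Doh,DC=domain,DC=com";
    private static final String[] RETURNED_ATTRS = { "memberOf" };

    /** Base JNDI environment (context factory, auth mechanism, provider URL); copied per bind. */
    private final Hashtable<String, Object> env;
    /** Connection controls (fast bind) passed whenever a context is opened. */
    private final Control[] connCtls;

    /**
     * Builds the JNDI environment and probes the server once so that an unreachable URL fails
     * here, as it did originally. The probe context is closed immediately; nothing is kept open.
     *
     * @param url organization ldap url, example ldap://localhost:389
     * @throws NamingException if the initial connection cannot be established
     */
    public LdapFastBindAuthenticator(String url) throws NamingException {
        env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.PROVIDER_URL, url); // organization ldap url, example ldap://localhost:389
        connCtls = new Control[] { new LdapFastBindConnectionControl() };

        LdapContext probe = null;
        try {
            probe = new InitialLdapContext(env, connCtls);
        } catch (NamingException e) {
            log.error("Naming exception", e);
            throw e;
        } finally {
            closeQuietly(probe);
        }
    }

    /**
     * Binds to LDAP as {@code authorizedName} with {@code cred}, requires that the directory
     * search reports {@link #REQUIRED_GROUP_DN}, and returns the name after making sure a
     * {@link Publisher} row exists for it.
     *
     * @param authorizedName principal used for the simple bind; must be non-empty
     * @param cred password for the bind; must be non-empty
     * @return {@code authorizedName}
     * @throws UnknownUserException if the name or credential is empty, the bind or search fails,
     *     or the required group is not found
     */
    public String authenticate(String authorizedName, String cred)
            throws AuthenticationException, FatalErrorException {
        if (authorizedName == null || "".equals(authorizedName)) {
            throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
        }
        // An empty password must never reach the bind: a simple bind with a name and no
        // password is an "unauthenticated" bind, which servers may accept as anonymous and
        // report as success.
        if (cred == null || cred.length() == 0) {
            throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
        }

        boolean isLdapUser = false;
        LdapContext ctx = null;
        try {
            ctx = bind(authorizedName, cred);
            log.info(authorizedName + " is authenticated");
            isLdapUser = isMemberOfRequiredGroup(ctx);
        } catch (NamingException e) {
            // Bind and search failures are both reported to the caller as "unknown user";
            // the detail stays in the server log only.
            log.error(authorizedName + " is not authenticated", e);
            throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
        } finally {
            closeQuietly(ctx);
        }

        if (!isLdapUser) {
            throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
        }
        ensurePublisherExists(authorizedName);
        return authorizedName;
    }

    /**
     * Resolves the publisher record for {@code authorizedName}.
     *
     * @param authInfo not used by this authenticator; the name alone identifies the publisher
     * @param authorizedName publisher key
     * @return the persisted publisher
     * @throws UnknownUserException if no publisher row exists for the name
     */
    public UddiEntityPublisher identify(String authInfo, String authorizedName)
            throws AuthenticationException, FatalErrorException {
        EntityManager em = PersistenceManager.getEntityManager();
        EntityTransaction tx = em.getTransaction();
        try {
            tx.begin();
            Publisher publisher = em.find(Publisher.class, authorizedName);
            if (publisher == null) {
                throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
            }
            return publisher;
        } finally {
            if (tx.isActive()) {
                tx.rollback();
            }
            em.close();
        }
    }

    /** Opens a fresh context whose construction performs a simple bind as {@code principal}. */
    private LdapContext bind(String principal, String cred) throws NamingException {
        Hashtable<String, Object> bindEnv = new Hashtable<String, Object>(env);
        bindEnv.put(Context.SECURITY_PRINCIPAL, principal);
        bindEnv.put(Context.SECURITY_CREDENTIALS, cred);
        return new InitialLdapContext(bindEnv, connCtls);
    }

    /**
     * Runs {@link #SEARCH_FILTER} under {@link #SEARCH_BASE}, asking only for
     * {@link #RETURNED_ATTRS}, and reports whether any returned attribute value equals
     * {@link #REQUIRED_GROUP_DN}. The comparison is case-insensitive, as in the original code;
     * full DN matching rules are not applied.
     */
    private boolean isMemberOfRequiredGroup(LdapContext ctx) throws NamingException {
        SearchControls searchCtls = new SearchControls();
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchCtls.setReturningAttributes(RETURNED_ATTRS);

        NamingEnumeration<SearchResult> answer = ctx.search(SEARCH_BASE, SEARCH_FILTER, searchCtls);
        try {
            while (answer.hasMore()) {
                Attributes attrs = answer.next().getAttributes();
                if (attrs == null) {
                    continue;
                }
                NamingEnumeration<? extends Attribute> attrIt = attrs.getAll();
                while (attrIt.hasMore()) {
                    NamingEnumeration<?> values = attrIt.next().getAll();
                    while (values.hasMore()) {
                        String value = String.valueOf(values.next());
                        if (REQUIRED_GROUP_DN.equalsIgnoreCase(value)) {
                            return true;
                        }
                    }
                }
            }
        } finally {
            answer.close();
        }
        return false;
    }

    /**
     * Looks up the {@link Publisher} for {@code authorizedName} and, when absent, inserts a
     * default non-admin, enabled record with the quotas below. Nothing is written when the
     * row already exists (the transaction is rolled back in that case).
     */
    private void ensurePublisherExists(String authorizedName) {
        EntityManager em = PersistenceManager.getEntityManager();
        EntityTransaction tx = em.getTransaction();
        try {
            tx.begin();
            Publisher publisher = em.find(Publisher.class, authorizedName);
            if (publisher == null) {
                log.warn("Publisher was not found, adding the publisher in on the fly.");
                publisher = new Publisher();
                publisher.setAuthorizedName(authorizedName);
                publisher.setIsAdmin("false");
                publisher.setIsEnabled("true");
                publisher.setMaxBindingsPerService(199);
                publisher.setMaxBusinesses(100);
                publisher.setMaxServicesPerBusiness(100);
                publisher.setMaxTmodels(100);
                publisher.setPublisherName("Unknown");
                em.persist(publisher);
                tx.commit();
            }
        } finally {
            if (tx.isActive()) {
                tx.rollback();
            }
            em.close();
        }
    }

    /** Closes {@code ctx} when non-null; a close failure is logged, never propagated. */
    private static void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            log.error("Context close failure", e);
        }
    }
}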