Package org.jivesoftware.util

Examples of org.jivesoftware.util.JiveInitialLdapContext


        if (debug) {
            Log.debug("LdapManager: Created hashtable with context values, attempting to create context...");
        }
        // Create new initial context
        JiveInitialLdapContext context = new JiveInitialLdapContext(env, null);
       
        // TLS http://www.ietf.org/rfc/rfc2830.txt ("1.3.6.1.4.1.1466.20037")
    if (startTlsEnabled && !sslEnabled) {
      if (debug) {
        Log.debug("LdapManager: ... StartTlsRequest");
      }
      if (followReferrals)
        Log.warn("\tConnections to referrals are unencrypted! If you do not want this, please turn off ldap.autoFollowReferrals");

      // Perform a StartTLS extended operation
      StartTlsResponse tls = (StartTlsResponse)
        context.extendedOperation(new StartTlsRequest());
     

      /* Open a TLS connection (over the existing LDAP association) and
         get details of the negotiated TLS session: cipher suite,
         peer certificate, etc. */
      try {
        SSLSession session = tls.negotiate(new org.jivesoftware.util.SimpleSSLSocketFactory());
       
        context.setTlsResponse(tls);
        context.setSslSession(session);
       
        if (debug) {
          Log.debug("LdapManager: ... peer host: "
              + session.getPeerHost()
              + ", CipherSuite: " + session.getCipherSuite());
        }
       
        /* Set login credentials only if SSL session has been
         * negotiated successfully - otherwise user/password
         * could be transmitted in clear text. */
        if (adminDN != null) {
          context.addToEnvironment(
              Context.SECURITY_AUTHENTICATION,
              "simple");
          context.addToEnvironment(
              Context.SECURITY_PRINCIPAL,
              adminDN);
          if (adminPassword != null)
            context.addToEnvironment(
                Context.SECURITY_CREDENTIALS,
                adminPassword);
        }
      } catch (java.io.IOException ex) {
        Log.error(ex.getMessage(), ex);


             if (!sslEnabled && !startTlsEnabled)
               Log.debug("LdapManager: Warning: Using unencrypted connection to LDAP service!");
        }

        JiveInitialLdapContext ctx = null;
        try {
            // See if the user authenticates.
            Hashtable<String, Object> env = new Hashtable<String, Object>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
            env.put(Context.PROVIDER_URL, getProviderURL(baseDN));
            if (sslEnabled) {
                env.put("java.naming.ldap.factory.socket",
                        "org.jivesoftware.util.SimpleSSLSocketFactory");
                env.put(Context.SECURITY_PROTOCOL, "ssl");
            }

            /* If startTLS is requested we MUST NOT bind() before
             * the secure connection has been established. */
            if (!(startTlsEnabled && !sslEnabled)) {
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDN + "," + baseDN);
        env.put(Context.SECURITY_CREDENTIALS, password);
      } else {
        if (followReferrals)
          Log.warn("\tConnections to referrals are unencrypted! If you do not want this, please turn off ldap.autoFollowReferrals");
      }

      // Specify timeout to be 10 seconds, only on non SSL since SSL connections
            // break with a timeout.
            if (!sslEnabled) {
                env.put("com.sun.jndi.ldap.connect.timeout", "10000");
            }
            if (readTimeout > 0) {
                env.put("com.sun.jndi.ldap.read.timeout", String.valueOf(readTimeout));
            }
            if (ldapDebugEnabled) {
                env.put("com.sun.jndi.ldap.trace.ber", System.err);
            }
            if (followReferrals) {
                env.put(Context.REFERRAL, "follow");
            }
            if (!followAliasReferrals) {
                env.put("java.naming.ldap.derefAliases", "never");
            }

            if (debug) {
                Log.debug("LdapManager: Created context values, attempting to create context...");
            }
            ctx = new JiveInitialLdapContext(env, null);
           
            if (startTlsEnabled && !sslEnabled) {
             
          if (debug) {
            Log.debug("LdapManager: ... StartTlsRequest");
          }

          // Perform a StartTLS extended operation
          StartTlsResponse tls = (StartTlsResponse)
            ctx.extendedOperation(new StartTlsRequest());

          /* Open a TLS connection (over the existing LDAP association) and
             get details of the negotiated TLS session: cipher suite,
             peer certificate, etc. */
          try {
            SSLSession session = tls.negotiate(new org.jivesoftware.util.SimpleSSLSocketFactory());
           
            ctx.setTlsResponse(tls);
            ctx.setSslSession(session);
           
            if (debug) {
              Log.debug("LdapManager: ... peer host: "
                  + session.getPeerHost()
                  + ", CipherSuite: " + session.getCipherSuite());
            }

            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL,
                userDN + "," + baseDN);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
         
          } catch (java.io.IOException ex) {
            Log.error(ex.getMessage(), ex);
          }

        // make at least one lookup to check authorization
        lookupExistence(
            ctx,
            userDN + "," + baseDN,
            new String[] {usernameField});
            }
           
            if (debug) {
                Log.debug("LdapManager: ... context created successfully, returning.");
            }
        }
        catch (NamingException ne) {
            // If an alt baseDN is defined, attempt a lookup there.
            if (alternateBaseDN != null) {
                try {
                    if (ctx != null) {
                        ctx.close();
                    }
                }
                catch (Exception e) {
                    Log.error(e.getMessage(), e);
                }
                try {
                    // See if the user authenticates.
                    Hashtable<String, Object> env = new Hashtable<String, Object>();
                    // Use a custom initial context factory if specified. Otherwise, use the default.
                    env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
                    env.put(Context.PROVIDER_URL, getProviderURL(alternateBaseDN));
                    if (sslEnabled) {
                        env.put("java.naming.ldap.factory.socket", "org.jivesoftware.util.SimpleSSLSocketFactory");
                        env.put(Context.SECURITY_PROTOCOL, "ssl");
                    }
                   
                    /* If startTLS is requested we MUST NOT bind() before
                     * the secure connection has been established. */
                    if (!(startTlsEnabled && !sslEnabled)) {
                      env.put(Context.SECURITY_AUTHENTICATION, "simple");
                      env.put(Context.SECURITY_PRINCIPAL, userDN + "," + alternateBaseDN);
                      env.put(Context.SECURITY_CREDENTIALS, password);
                    }
                    // Specify timeout to be 10 seconds, only on non SSL since SSL connections
                    // break with a timeout.
                    if (!sslEnabled) {
                        env.put("com.sun.jndi.ldap.connect.timeout", "10000");
                    }
                    if (ldapDebugEnabled) {
                        env.put("com.sun.jndi.ldap.trace.ber", System.err);
                    }
                    if (followReferrals) {
                        env.put(Context.REFERRAL, "follow");
                    }
                    if (!followAliasReferrals) {
                        env.put("java.naming.ldap.derefAliases", "never");
                    }
                    if (debug) {
                        Log.debug("LdapManager: Created context values, attempting to create context...");
                    }
                    ctx = new JiveInitialLdapContext(env, null);
                   
                    if (startTlsEnabled && !sslEnabled) {
                     
                  if (debug) {
                    Log.debug("LdapManager: ... StartTlsRequest");
                  }

                  // Perform a StartTLS extended operation
                  StartTlsResponse tls = (StartTlsResponse)
                    ctx.extendedOperation(new StartTlsRequest());

                  /* Open a TLS connection (over the existing LDAP association) and
                     get details of the negotiated TLS session: cipher suite,
                     peer certificate, etc. */
                  try {
                    SSLSession session = tls.negotiate(new org.jivesoftware.util.SimpleSSLSocketFactory());
                   
                    ctx.setTlsResponse(tls);
                    ctx.setSslSession(session);
                   
                    if (debug) {
                      Log.debug("LdapManager: ... peer host: "
                          + session.getPeerHost()
                          + ", CipherSuite: " + session.getCipherSuite());
                    }

                    ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
                    ctx.addToEnvironment(Context.SECURITY_PRINCIPAL,
                        userDN + "," + alternateBaseDN);
                    ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
                 
                  } catch (java.io.IOException ex) {
                    Log.error(ex.getMessage(), ex);
                  }
               
                // make at least one lookup to check user authorization
                lookupExistence(
                    ctx,
                    userDN + "," + alternateBaseDN,
                    new String[] {usernameField});
                    }
                }
                catch (NamingException e) {
                    if (debug) {
                        Log.debug("LdapManager: Caught a naming exception when creating InitialContext", ne);
                    }
                    return false;
                }
            }
            else {
                if (debug) {
                    Log.debug("LdapManager: Caught a naming exception when creating InitialContext", ne);
                }
                return false;
            }
        }
        finally {
            try {
                if (ctx != null) {
                    ctx.close();
                }
            }
            catch (Exception e) {
                Log.error(e.getMessage(), e);
            }


