SimpleLdapManager.java

/**
 * Copyright (c) 2008-2011 Sonatype, Inc.
 * All rights reserved. Includes the third-party code listed at http://www.sonatype.com/products/nexus/attributions.
 *
 * This program is free software: you can redistribute it and/or modify it only under the terms of the GNU Affero General
 * Public License Version 3 as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License Version 3
 * for more details.
 *
 * You should have received a copy of the GNU Affero General Public License Version 3 along with this program.  If not, see
 * http://www.gnu.org/licenses.
 *
 * Sonatype Nexus (TM) Open Source Version is available from Sonatype, Inc. Sonatype and Sonatype Nexus are trademarks of
 * Sonatype, Inc. Apache Maven is a trademark of the Apache Foundation. M2Eclipse is a trademark of the Eclipse Foundation.
 * All other trademarks are the property of their respective owners.
 */
/**
// * Sonatype Nexus (TM) Professional Version.
 * Copyright (c) 2008 Sonatype, Inc. All rights reserved.
 * Includes the third-party code listed at http://www.sonatype.com/products/nexus/attributions/.
 * "Sonatype" and "Sonatype Nexus" are trademarks of Sonatype, Inc.
 */
package org.sonatype.security.ldap.realms;

import java.net.MalformedURLException;
import java.util.Set;
import java.util.SortedSet;

import org.codehaus.plexus.component.annotations.Component;
import org.codehaus.plexus.component.annotations.Requirement;
import org.codehaus.plexus.util.StringUtils;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.security.authentication.AuthenticationException;
import org.sonatype.security.ldap.LdapAuthenticator;
import org.sonatype.security.ldap.dao.LdapAuthConfiguration;
import org.sonatype.security.ldap.dao.LdapDAOException;
import org.sonatype.security.ldap.dao.LdapGroupDAO;
import org.sonatype.security.ldap.dao.LdapUser;
import org.sonatype.security.ldap.dao.LdapUserDAO;
import org.sonatype.security.ldap.dao.NoLdapUserRolesFoundException;
import org.sonatype.security.ldap.dao.NoSuchLdapGroupException;
import org.sonatype.security.ldap.dao.NoSuchLdapUserException;
import org.sonatype.security.ldap.realms.connector.DefaultLdapConnector;
import org.sonatype.security.ldap.realms.connector.LdapConnector;
import org.sonatype.security.ldap.realms.persist.LdapConfiguration;
import org.sonatype.security.ldap.realms.persist.model.CConnectionInfo;
import org.sonatype.security.ldap.realms.tools.LdapURL;

@Component( role = LdapManager.class )
public class SimpleLdapManager
    implements LdapManager
{

    private Logger logger = LoggerFactory.getLogger( getClass() );
    
    @Requirement
    private LdapAuthenticator ldapAuthenticator;
    
    @Requirement
    private LdapUserDAO ldapUserManager;

    @Requirement
    private LdapGroupDAO ldapGroupManager;

    @Requirement
    private LdapConfiguration ldapConfiguration;

    private LdapConnector ldapManagerStrategy;

    public SortedSet<String> getAllGroups()
        throws LdapDAOException
    {
        return this.getLdapManagerConnector().getAllGroups();
    }

    public SortedSet<LdapUser> getAllUsers()
        throws LdapDAOException
    {
        return this.getLdapManagerConnector().getAllUsers();
    }

    public String getGroupName( String groupId )
        throws LdapDAOException, NoSuchLdapGroupException
    {
        return this.getLdapManagerConnector().getGroupName( groupId );
    }

    public LdapUser getUser( String username )
        throws NoSuchLdapUserException,
            LdapDAOException
    {
        return this.getLdapManagerConnector().getUser( username );
    }

    public Set<String> getUserRoles( String userId )
        throws LdapDAOException, NoLdapUserRolesFoundException
    {
        return this.getLdapManagerConnector().getUserRoles( userId );
    }

    public SortedSet<LdapUser> getUsers( int userCount )
        throws LdapDAOException
    {
        return this.getLdapManagerConnector().getUsers( userCount );
    }

    public SortedSet<LdapUser> searchUsers( String username )
        throws LdapDAOException
    {
        return this.getLdapManagerConnector().searchUsers( username );
    }

    private LdapConnector getLdapManagerConnector()
        throws LdapDAOException
    {
        if ( this.ldapManagerStrategy == null )
        {
            this.ldapManagerStrategy = new DefaultLdapConnector(
                "test",
                this.ldapUserManager,
                this.ldapGroupManager,
                this.getLdapContextFactory(),
                this.getLdapAuthConfiguration() );
        }
        return this.ldapManagerStrategy;
    }
    
    protected LdapConfiguration getLdapConfiguration()
    {
        return this.ldapConfiguration;
    }
    
    protected LdapAuthConfiguration getLdapAuthConfiguration()
    {
        return this.getLdapConfiguration().getLdapAuthConfiguration();
    }

    protected LdapContextFactory getLdapContextFactory()
        throws LdapDAOException
    {
        DefaultLdapContextFactory defaultLdapContextFactory = new DefaultLdapContextFactory();

        if ( this.getLdapConfiguration() == null || this.getLdapConfiguration().readConnectionInfo() == null )
        {
            throw new LdapDAOException( "Ldap connection is not configured." );
        }

        CConnectionInfo connInfo = this.getLdapConfiguration().readConnectionInfo();

        String url;
        try
        {
            url = new LdapURL( connInfo.getProtocol(), connInfo.getHost(), connInfo.getPort(), connInfo.getSearchBase() )
                .toString();
        }
        catch ( MalformedURLException e )
        {
            // log an error, because the user could still log in and fix the config.
            this.logger.error( "LDAP Configuration is Invalid." );
            throw new LdapDAOException( "Invalid LDAP URL: " + e.getMessage() );
        }

        defaultLdapContextFactory.setUsePooling( true );
        defaultLdapContextFactory.setUrl( url );
        defaultLdapContextFactory.setSystemUsername( connInfo.getSystemUsername() );
        defaultLdapContextFactory.setSystemPassword( connInfo.getSystemPassword() );
        defaultLdapContextFactory.setSearchBase( connInfo.getSearchBase() );
        defaultLdapContextFactory.setAuthentication( connInfo.getAuthScheme() );

        return defaultLdapContextFactory;
    }

    public LdapUser authenticateUser( String userId, String password ) throws AuthenticationException
    {
        try
        {
            LdapUser ldapUser = this.getUser( userId );

            String authScheme = this.getLdapConfiguration().readConnectionInfo().getAuthScheme();

            if ( StringUtils.isEmpty( this
                .getLdapConfiguration().readUserAndGroupConfiguration().getUserPasswordAttribute() ) )
            {
                // auth with bind

                this.ldapAuthenticator.authenticateUserWithBind(
                    ldapUser,
                    password,
                    this.getLdapContextFactory(),
                    authScheme );
            }
            else
            {
                // auth by checking password,
                this.ldapAuthenticator.authenticateUserWithPassword( ldapUser, password );
            }
            
            // everything was successful  
            return ldapUser;
        }
        catch ( Exception e )
        {
            if( this.logger.isDebugEnabled())
            {
                this.logger.debug( "Failed to find user: " + userId, e );
            }
        }
        throw new AuthenticationException( "User: " + userId + " could not be authenticated." );
    }

}