LdapServerBeanDefinitionParser.java

/*
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.security.config.ldap;

import java.io.IOException;
import java.net.ServerSocket;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.config.BeanIds;
import org.springframework.security.ldap.server.ApacheDSContainer;
import org.springframework.util.StringUtils;
import org.w3c.dom.Element;

/**
 * @author Luke Taylor
 */
public class LdapServerBeanDefinitionParser implements BeanDefinitionParser {
	private static final String CONTEXT_SOURCE_CLASS = "org.springframework.security.ldap.DefaultSpringSecurityContextSource";

	private final Log logger = LogFactory.getLog(getClass());

	/**
	 * Defines the Url of the ldap server to use. If not specified, an embedded apache DS
	 * instance will be created
	 */
	private static final String ATT_URL = "url";

	private static final String ATT_PRINCIPAL = "manager-dn";
	private static final String ATT_PASSWORD = "manager-password";

	// Properties which apply to embedded server only - when no Url is set

	/** sets the configuration suffix (default is "dc=springframework,dc=org"). */
	public static final String ATT_ROOT_SUFFIX = "root";
	private static final String OPT_DEFAULT_ROOT_SUFFIX = "dc=springframework,dc=org";
	/**
	 * Optionally defines an ldif resource to be loaded. Otherwise an attempt will be made
	 * to load all ldif files found on the classpath.
	 */
	public static final String ATT_LDIF_FILE = "ldif";
	private static final String OPT_DEFAULT_LDIF_FILE = "classpath*:*.ldif";

	/** Defines the port the LDAP_PROVIDER server should run on */
	public static final String ATT_PORT = "port";
	private static final int DEFAULT_PORT = 33389;
	public static final String OPT_DEFAULT_PORT = String.valueOf(DEFAULT_PORT);

	public BeanDefinition parse(Element elt, ParserContext parserContext) {
		String url = elt.getAttribute(ATT_URL);

		RootBeanDefinition contextSource;

		if (!StringUtils.hasText(url)) {
			contextSource = createEmbeddedServer(elt, parserContext);
		}
		else {
			contextSource = new RootBeanDefinition();
			contextSource.setBeanClassName(CONTEXT_SOURCE_CLASS);
			contextSource.getConstructorArgumentValues().addIndexedArgumentValue(0, url);
		}

		contextSource.setSource(parserContext.extractSource(elt));

		String managerDn = elt.getAttribute(ATT_PRINCIPAL);
		String managerPassword = elt.getAttribute(ATT_PASSWORD);

		if (StringUtils.hasText(managerDn)) {
			if (!StringUtils.hasText(managerPassword)) {
				parserContext.getReaderContext().error(
						"You must specify the " + ATT_PASSWORD + " if you supply a "
								+ managerDn, elt);
			}

			contextSource.getPropertyValues().addPropertyValue("userDn", managerDn);
			contextSource.getPropertyValues().addPropertyValue("password",
					managerPassword);
		}

		String id = elt.getAttribute(AbstractBeanDefinitionParser.ID_ATTRIBUTE);

		String contextSourceId = StringUtils.hasText(id) ? id : BeanIds.CONTEXT_SOURCE;

		parserContext.getRegistry()
				.registerBeanDefinition(contextSourceId, contextSource);

		return null;
	}

	/**
	 * Will be called if no url attribute is supplied.
	 *
	 * Registers beans to create an embedded apache directory server.
	 *
	 * @return the BeanDefinition for the ContextSource for the embedded server.
	 *
	 * @see ApacheDSContainer
	 */
	private RootBeanDefinition createEmbeddedServer(Element element,
			ParserContext parserContext) {
		Object source = parserContext.extractSource(element);

		String suffix = element.getAttribute(ATT_ROOT_SUFFIX);

		if (!StringUtils.hasText(suffix)) {
			suffix = OPT_DEFAULT_ROOT_SUFFIX;
		}

		String port = element.getAttribute(ATT_PORT);

		if (!StringUtils.hasText(port)) {
			port = getDefaultPort();
			if (logger.isDebugEnabled()) {
				logger.debug("Using default port of " + port);
			}
		}

		String url = "ldap://127.0.0.1:" + port + "/" + suffix;

		BeanDefinitionBuilder contextSource = BeanDefinitionBuilder
				.rootBeanDefinition(CONTEXT_SOURCE_CLASS);
		contextSource.addConstructorArgValue(url);
		contextSource.addPropertyValue("userDn", "uid=admin,ou=system");
		contextSource.addPropertyValue("password", "secret");

		RootBeanDefinition apacheContainer = new RootBeanDefinition(
				"org.springframework.security.ldap.server.ApacheDSContainer", null, null);
		apacheContainer.setSource(source);
		apacheContainer.getConstructorArgumentValues().addGenericArgumentValue(suffix);

		String ldifs = element.getAttribute(ATT_LDIF_FILE);
		if (!StringUtils.hasText(ldifs)) {
			ldifs = OPT_DEFAULT_LDIF_FILE;
		}

		apacheContainer.getConstructorArgumentValues().addGenericArgumentValue(ldifs);
		apacheContainer.getPropertyValues().addPropertyValue("port", port);

		logger.info("Embedded LDAP server bean definition created for URL: " + url);

		if (parserContext.getRegistry()
				.containsBeanDefinition(BeanIds.EMBEDDED_APACHE_DS)) {
			parserContext.getReaderContext().error(
					"Only one embedded server bean is allowed per application context",
					element);
		}

		parserContext.getRegistry().registerBeanDefinition(BeanIds.EMBEDDED_APACHE_DS,
				apacheContainer);

		return (RootBeanDefinition) contextSource.getBeanDefinition();
	}

	private String getDefaultPort() {
		ServerSocket serverSocket = null;
		try {
			try {
				serverSocket = new ServerSocket(DEFAULT_PORT);
			}
			catch (IOException e) {
				try {
					serverSocket = new ServerSocket(0);
				}
				catch (IOException e2) {
					return String.valueOf(DEFAULT_PORT);
				}
			}
			return String.valueOf(serverSocket.getLocalPort());
		}
		finally {
			if (serverSocket != null) {
				try {
					serverSocket.close();
				}
				catch (IOException e) {
				}
			}
		}
	}
}