org.blojsom.authorization.ldap
Class LDAPAuthorizationProvider

java.lang.Object
  extended by org.blojsom.authorization.database.DatabaseAuthorizationProvider
      extended by org.blojsom.authorization.ldap.LDAPAuthorizationProvider
All Implemented Interfaces:
AuthorizationProvider

public class LDAPAuthorizationProvider
extends DatabaseAuthorizationProvider

LDAPAuthorizationProvider

This implementation authenticates a user against an LDAP server. The user name must be the same as that of their LDAP user (uid). There are two ways to configure which users are accepted.

The first allows only the blog owner to edit the blog. To use it, delete the authorization.properties file from the user's blog directory. The absence of this file tells the authorization logic to use the blog owner as the UID for LDAP authentication.

The second allows multiple users to edit a blog. It uses the user names in the authorization.properties file (passwords and other data in the file are ignored). The user name of each incoming authorization request is checked against the authorization.properties file; a listed name indicates a user who is allowed to edit this blog, and that user name is then used as the LDAP UID.

This implementation requires LDAP protocol version 3. You must set the configuration values defined by the BlojsomConstants: BLOG_LDAP_AUTHORIZATION_SERVER_IP, BLOG_LDAP_AUTHORIZATION_DN_IP, and BLOG_LDAP_AUTHORIZATION_PORT_IP (optional).

Note, this implementation currently requires the Mozilla LDAP Java SDK. See http://www.mozilla.org/directory/.
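
The two user-selection modes described above, as an added Java example that is not blojsom's source code. The class and method names (LdapUidResolver, resolveUid, escapeFilterValue) and the blogOwner parameter are hypothetical; the empty-password refusal and the filter escaping are checks added in this example, the latter assuming the DN lookup uses a (uid=...) search filter.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;

/** Added illustration, not blojsom source: which LDAP UID may be tried for a blog. */
public class LdapUidResolver {

    /** Returns the UID to bind with, or null to refuse before contacting LDAP.
     *  authorized = loaded authorization.properties, or null if the file is absent. */
    static String resolveUid(String blogOwner, Properties authorized,
                             String username, String password) {
        if (username == null || username.isEmpty()) return null;
        // Check added in this example: a simple bind with an empty password is an
        // unauthenticated bind (RFC 4513); a server may accept it without verifying anything.
        if (password == null || password.isEmpty()) return null;
        if (authorized == null) {
            // Mode 1: no authorization.properties, so only the blog owner may edit.
            return username.equals(blogOwner) ? blogOwner : null;
        }
        // Mode 2: only the keys (user names) matter; the stored values are ignored.
        return authorized.containsKey(username) ? username : null;
    }

    /** RFC 4515 escaping for a value placed in a search filter (assumed form: (uid=value)). */
    static String escapeFilterValue(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        Properties p = new Properties();  // constructed sample of authorization.properties
        p.load(new StringReader("alice=ignored\nbob=\n"));
        System.out.println(resolveUid("alice", null, "alice", "s3cret")); // owner, mode 1
        System.out.println(resolveUid("alice", null, "bob", "s3cret"));   // not owner, mode 1
        System.out.println(resolveUid("alice", p, "bob", "s3cret"));      // listed, mode 2
        System.out.println(resolveUid("alice", p, "bob", ""));            // empty password
        System.out.println("(uid=" + escapeFilterValue("j*(doe)") + ")");
    }
}
```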

Since:
blojsom 3.0
Version:
$Id: LDAPAuthorizationProvider.java,v 1.5 2007/01/17 01:15:46 czarneckid Exp $
Author:
David Czarnecki, Christopher Bailey

Field Summary
 
Fields inherited from class org.blojsom.authorization.database.DatabaseAuthorizationProvider
_sessionFactory
 
Constructor Summary
LDAPAuthorizationProvider()
          Default constructor
 
Method Summary
 void authorize(Blog blog, java.util.Map authorizationContext, java.lang.String username, java.lang.String password)
          Authorize a username and password for the given Blog
protected  java.lang.String getAttribute(java.lang.String username, java.lang.String attribute)
          Get a specific attribute value for a given username
protected  java.lang.String getBaseDN()
          Return the LDAP base DN
protected  java.lang.String getDN(java.lang.String username)
          Get the DN for a given username
protected  int getPort()
          Return the LDAP server port
protected  java.lang.String getServer()
          Return the LDAP server name
 void init()
          Initialization method for the authorization provider
 void setServletConfig(javax.servlet.ServletConfig servletConfig)
          Set the ServletConfig for the fetcher to grab initialization parameters
 
Methods inherited from class org.blojsom.authorization.database.DatabaseAuthorizationProvider
checkPermission, setSessionFactory
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LDAPAuthorizationProvider

public LDAPAuthorizationProvider()
Default constructor

Method Detail

setServletConfig

public void setServletConfig(javax.servlet.ServletConfig servletConfig)
Set the ServletConfig for the fetcher to grab initialization parameters

Parameters:
servletConfig - ServletConfig

init

public void init()
          throws ConfigurationException
Initialization method for the authorization provider

Specified by:
init in interface AuthorizationProvider
Overrides:
init in class DatabaseAuthorizationProvider
Throws:
ConfigurationException - If there is an error initializing the provider

authorize

public void authorize(Blog blog,
                      java.util.Map authorizationContext,
                      java.lang.String username,
                      java.lang.String password)
               throws AuthorizationException
Authorize a username and password for the given Blog

Specified by:
authorize in interface AuthorizationProvider
Overrides:
authorize in class DatabaseAuthorizationProvider
Parameters:
blog - Blog
authorizationContext - Map to be used to provide other information for authorization. This will change depending on the authorization provider. This parameter is not used in this implementation.
username - Username. In this implementation, this value must match that of the blog user's ID.
password - Password
Throws:
AuthorizationException - If there is an error authorizing the username and password

getDN

protected java.lang.String getDN(java.lang.String username)
Get the DN for a given username

Parameters:
username - Username
Returns:
DN for a given username or null if there is an exception in lookup

getAttribute

protected java.lang.String getAttribute(java.lang.String username,
                                        java.lang.String attribute)
Get a specific attribute value for a given username

Parameters:
username - Username
attribute - Attribute
Returns:
attribute value for a given username or null if there is an exception in lookup

getServer

protected java.lang.String getServer()
Return the LDAP server name

Returns:
LDAP server name

getPort

protected int getPort()
Return the LDAP server port

Returns:
LDAP server port

getBaseDN

protected java.lang.String getBaseDN()
Return the LDAP base DN

Returns:
LDAP base DN