  /**
   * Initialize this <code>LoginModule</code>.
   *
   * @param subject the <code>Subject</code> to be authenticated.
   * @param callbackHandler a <code>CallbackHandler</code> to acquire the username and password.
   * @param sharedState shared <code>LoginModule</code> state.
   * @param options options specified in the login <code>Configuration</code> for this particular
   *     <code>LoginModule</code>.
   */
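  public void initialize(
      Subject subject,
      CallbackHandler callbackHandler,
      Map<String, ?> sharedState,
      Map<String, ?> options) {

    this.subject = subject;
    this.callbackHandler = callbackHandler;
    this.sharedState = sharedState;
    this.options = options;

    ldapEnvironment = new Hashtable(9);
    ldapEnvironment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

    // Every option whose name contains a '.' is treated as a JNDI property and copied
    // verbatim. This runs after the context factory has been set, so such an option can
    // replace the factory; the provider URL and security protocol are written further
    // down and therefore take precedence over a pass-through value. The login
    // Configuration is trusted input here and should be writable by administrators only.
    for (String key : options.keySet()) {
      if (key.indexOf('.') > -1) {
        ldapEnvironment.put(key, options.get(key));
      }
    }

    // initialize any configured options

    userProvider = (String) options.get(USER_PROVIDER);
    if (userProvider != null) {
      ldapEnvironment.put(Context.PROVIDER_URL, userProvider);
    }

    // NOTE(review): the identity and filter templates are only pattern-matched here; the
    // code that substitutes the user-supplied name for the token is outside this method.
    // Confirm that it escapes the name for DN and search-filter syntax.
    authcIdentity = (String) options.get(AUTHC_IDENTITY);
    if (authcIdentity != null && authcIdentity.indexOf(USERNAME_TOKEN) != -1) {
      identityMatcher = USERNAME_PATTERN.matcher(authcIdentity);
    }

    userFilter = (String) options.get(USER_FILTER);
    if (userFilter != null) {
      if (userFilter.indexOf(USERNAME_TOKEN) != -1) {
        filterMatcher = USERNAME_PATTERN.matcher(userFilter);
      }
      constraints = new SearchControls();
      constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
      constraints.setReturningAttributes(new String[0]); // return no attrs
      constraints.setReturningObjFlag(true); // to get the full DN
    }

    // An authzIdentity written as "{attr}" names an LDAP attribute rather than a literal
    // identity. The attribute is only requested when a search is configured.
    authzIdentity = (String) options.get(AUTHZ_IDENTITY);
    if (authzIdentity != null && authzIdentity.startsWith("{") && authzIdentity.endsWith("}")) {
      if (constraints != null) {
        authzIdentityAttr = authzIdentity.substring(1, authzIdentity.length() - 1);
        constraints.setReturningAttributes(new String[] {authzIdentityAttr});
      }
      authzIdentity = null; // set later, from the specified attribute
    }

    // determine mode
    if (authcIdentity != null) {
      if (userFilter != null) {
        authFirst = true; // authentication-first mode
      } else {
        authOnly = true; // authentication-only mode
      }
    }

    // SSL stays on unless the configuration says useSSL=false explicitly. Turning it off
    // removes the protocol entry (including one supplied as a pass-through property), so
    // the connection has no transport protection from this setting; whatever the later
    // bind sends is then exposed on the wire unless the provider URL itself is ldaps.
    if ("false".equalsIgnoreCase((String) options.get("useSSL"))) {
      useSSL = false;
      ldapEnvironment.remove(Context.SECURITY_PROTOCOL);
    } else {
      useSSL = true; // keep the flag in step with the environment entry set below
      ldapEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
    }

    // Boolean switches, enabled only by the value "true" (case-insensitive), exactly like
    // the debug option below. Comparing against any other literal would leave them
    // permanently off for a normally written configuration.
    tryFirstPass = "true".equalsIgnoreCase((String) options.get("tryFirstPass"));

    useFirstPass = "true".equalsIgnoreCase((String) options.get("useFirstPass"));

    storePass = "true".equalsIgnoreCase((String) options.get("storePass"));

    clearPass = "true".equalsIgnoreCase((String) options.get("clearPass"));

    debug = "true".equalsIgnoreCase((String) options.get("debug"));

    // Diagnostics go to System.out; only the selected mode and the SSL state are printed.
    if (debug) {
      String mode;
      if (authFirst) {
        mode = "authentication-first mode; ";
      } else if (authOnly) {
        mode = "authentication-only mode; ";
      } else {
        mode = "search-first mode; ";
      }
      System.out.println(
          "\t\t[LdapLoginModule] " + mode + (useSSL ? "SSL enabled" : "SSL disabled"));
    }
  }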