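/**
 * Initialize this <code>LoginModule</code>.
 *
 * <p>Builds the JNDI environment used for LDAP access from the configured options, reads the
 * identity and filter templates, selects the operating mode and reads the boolean flags.
 *
 * <p>Mode selection, as implemented below:
 *
 * <ul>
 *   <li>authentication-first: both the <code>AUTHC_IDENTITY</code> and <code>USER_FILTER</code>
 *       options are set;
 *   <li>authentication-only: <code>AUTHC_IDENTITY</code> is set and <code>USER_FILTER</code> is
 *       not;
 *   <li>otherwise neither mode flag is set here and the debug output reports search-first mode.
 * </ul>
 *
 * <p>Security-relevant behaviour:
 *
 * <ul>
 *   <li>SSL stays enabled unless the <code>useSSL</code> option is exactly <code>false</code>
 *       (case-insensitive). When enabled, <code>Context.SECURITY_PROTOCOL</code> is forced to
 *       <code>ssl</code>, replacing any value copied from the options; when disabled, the entry
 *       is removed.
 *   <li>Every option whose key contains a dot is copied unchanged into the JNDI environment. The
 *       login <code>Configuration</code> can therefore set arbitrary JNDI properties, including
 *       one that replaces the initial context factory, and has to be treated as trusted,
 *       write-protected input.
 *   <li><code>tryFirstPass</code>, <code>useFirstPass</code>, <code>storePass</code>,
 *       <code>clearPass</code> and <code>debug</code> are enabled only by the value
 *       <code>true</code> (case-insensitive); any other value, or no value, leaves them off.
 * </ul>
 *
 * <p>Option values are cast to <code>String</code>; a non-string value for one of the named
 * options results in a <code>ClassCastException</code>.
 *
 * @param subject the <code>Subject</code> to be authenticated.
 * @param callbackHandler a <code>CallbackHandler</code> to acquire the username and password.
 * @param sharedState shared <code>LoginModule</code> state.
 * @param options options specified in the login <code>Configuration</code> for this particular
 *     <code>LoginModule</code>.
 */
public void initialize(
    Subject subject,
    CallbackHandler callbackHandler,
    Map<String, ?> sharedState,
    Map<String, ?> options) {

  this.subject = subject;
  this.callbackHandler = callbackHandler;
  this.sharedState = sharedState;
  this.options = options;

  ldapEnvironment = new Hashtable<>(9);
  ldapEnvironment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

  // Add any JNDI properties to the environment. A dot in the key is the only test applied, so
  // the values are passed through exactly as configured; entries written further down
  // (provider URL, security protocol) take precedence over what is copied here.
  for (String key : options.keySet()) {
    if (key.contains(".")) {
      ldapEnvironment.put(key, options.get(key));
    }
  }

  // initialize any configured options
  userProvider = (String) options.get(USER_PROVIDER);
  if (userProvider != null) {
    ldapEnvironment.put(Context.PROVIDER_URL, userProvider);
  }

  // A matcher is only prepared when the template actually contains the username token.
  authcIdentity = (String) options.get(AUTHC_IDENTITY);
  if (authcIdentity != null && authcIdentity.contains(USERNAME_TOKEN)) {
    identityMatcher = USERNAME_PATTERN.matcher(authcIdentity);
  }

  userFilter = (String) options.get(USER_FILTER);
  if (userFilter != null) {
    if (userFilter.contains(USERNAME_TOKEN)) {
      filterMatcher = USERNAME_PATTERN.matcher(userFilter);
    }
    constraints = new SearchControls();
    constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
    constraints.setReturningAttributes(new String[0]); // return no attrs
    constraints.setReturningObjFlag(true); // to get the full DN
  }

  // An authorization identity written as "{attr}" names an LDAP attribute rather than a
  // literal identity. The attribute is only requested when a search is configured
  // (constraints != null); the literal value is dropped in either case.
  authzIdentity = (String) options.get(AUTHZ_IDENTITY);
  if (authzIdentity != null && authzIdentity.startsWith("{") && authzIdentity.endsWith("}")) {
    if (constraints != null) {
      authzIdentityAttr = authzIdentity.substring(1, authzIdentity.length() - 1);
      constraints.setReturningAttributes(new String[] {authzIdentityAttr});
    }
    authzIdentity = null; // set later, from the specified attribute
  }

  // determine mode
  if (authcIdentity != null) {
    if (userFilter != null) {
      authFirst = true; // authentication-first mode
    } else {
      authOnly = true; // authentication-only mode
    }
  }

  // SSL is opt-out: only an explicit "false" turns it off. useSSL is not assigned in the
  // enabled branch, so it keeps whatever value the field already holds.
  if ("false".equalsIgnoreCase((String) options.get("useSSL"))) {
    useSSL = false;
    ldapEnvironment.remove(Context.SECURITY_PROTOCOL);
  } else {
    ldapEnvironment.put(Context.SECURITY_PROTOCOL, "ssl");
  }

  // Boolean flags are opt-in and are all parsed the same way as "debug": the option value
  // must be "true" (case-insensitive).
  tryFirstPass = "true".equalsIgnoreCase((String) options.get("tryFirstPass"));
  useFirstPass = "true".equalsIgnoreCase((String) options.get("useFirstPass"));
  storePass = "true".equalsIgnoreCase((String) options.get("storePass"));
  clearPass = "true".equalsIgnoreCase((String) options.get("clearPass"));
  debug = "true".equalsIgnoreCase((String) options.get("debug"));

  if (debug) {
    // Only the selected mode and the SSL setting are printed; no option values or credentials.
    String mode;
    if (authFirst) {
      mode = "authentication-first mode; ";
    } else if (authOnly) {
      mode = "authentication-only mode; ";
    } else {
      mode = "search-first mode; ";
    }
    System.out.println(
        "\t\t[LdapLoginModule] " + mode + (useSSL ? "SSL enabled" : "SSL disabled"));
  }
}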