Created
February 2, 2012 10:20
-
-
Save jechlin/1722771 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package package.name.removed | |
| import com.atlassian.crowd.directory.DelegatedAuthenticationDirectory; | |
| import com.atlassian.crowd.directory.loader.DirectoryInstanceLoader; | |
| import com.atlassian.crowd.embedded.api.Directory; | |
| import com.atlassian.crowd.embedded.api.User; | |
| import com.atlassian.crowd.exception.DirectoryInstantiationException; | |
| import com.atlassian.crowd.exception.OperationFailedException; | |
| import com.atlassian.crowd.exception.UserNotFoundException; | |
| import com.atlassian.crowd.manager.directory.DirectoryManager; | |
| import com.atlassian.jira.ComponentManager; | |
| import com.atlassian.jira.security.login.JiraSeraphAuthenticator; | |
| import com.atlassian.seraph.auth.AuthenticatorException; | |
| import com.atlassian.seraph.auth.DefaultAuthenticator; | |
| import com.opensymphony.util.TextUtils; | |
| import org.apache.log4j.Logger; | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; | |
| import java.security.Principal; | |
| public class AjpAuthenticator extends JiraSeraphAuthenticator { | |
| private static final Logger log = Logger.getLogger(AjpAuthenticator.class); | |
| private DirectoryManager directoryManager; | |
| private DirectoryInstanceLoader directoryInstanceLoader; | |
| public AjpAuthenticator() { | |
| this.directoryInstanceLoader = ComponentManager.getComponentInstanceOfType(DirectoryInstanceLoader.class); | |
| this.directoryManager = ComponentManager.getComponentInstanceOfType(DirectoryManager.class); | |
| } | |
| public AjpAuthenticator(DirectoryManager directoryManager, DirectoryInstanceLoader directoryInstanceLoader) { | |
| this.directoryManager = directoryManager; | |
| this.directoryInstanceLoader = directoryInstanceLoader; | |
| } | |
| @Override | |
| public synchronized Principal getUser(HttpServletRequest request, HttpServletResponse response) { | |
| Principal principal = super.getUser(request, response); | |
| if (principal != null) { | |
| log.debug("Got principal from session: " + principal.getName()); | |
| return principal; | |
| } | |
| if (! request.isSecure() || !TextUtils.stringSet(request.getRemoteUser())) { | |
| return null; | |
| } | |
| User ldapUser = (User) ComponentManager.getInstance().getUserUtil().getUserObject(request.getRemoteUser()); | |
| if (ldapUser == null) { | |
| try { | |
| DelegatedAuthenticationDirectory directory = getDelegatedAuthenticationDirectory(); | |
| ldapUser = directory.addOrUpdateLdapUser(request.getRemoteUser()); | |
| } catch (DirectoryInstantiationException e) { | |
| log.error("Could not instantiate delegated directory", e); | |
| return null; | |
| } catch (UserNotFoundException e) { | |
| log.error("UserNotFoundException", e); | |
| return null; | |
| } catch (OperationFailedException e) { | |
| log.error("OperationFailedException", e); | |
| return null; | |
| } | |
| } | |
| if (ldapUser != null) { | |
| request.getSession().setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, ldapUser); | |
| request.getSession().setAttribute(DefaultAuthenticator.LOGGED_OUT_KEY, null); | |
| log.debug("Got principal from request: " + ldapUser.getName()); | |
| } | |
| return ldapUser; | |
| } | |
| public boolean logout(HttpServletRequest request, | |
| HttpServletResponse response) throws AuthenticatorException { | |
| log.debug("logout invoked"); | |
| request.getSession().setAttribute(LOGGED_IN_KEY, null); | |
| request.getSession().setAttribute(LOGGED_OUT_KEY, true); | |
| return true; | |
| } | |
| @Override | |
| protected boolean authenticate(Principal user, String password) throws AuthenticatorException | |
| { | |
| return super.authenticate(user, password); | |
| } | |
| private Directory getLdapDirectory() { | |
| for (Directory d : directoryManager.findAllDirectories()) { | |
| if ("com.atlassian.crowd.directory.DelegatedAuthenticationDirectory".equals(d.getImplementationClass())) { | |
| return d; | |
| } | |
| } | |
| throw new IllegalArgumentException("No LDAP delegating directory found"); | |
| } | |
| private DelegatedAuthenticationDirectory getDelegatedAuthenticationDirectory() throws DirectoryInstantiationException { | |
| Directory ldapDirectory = getLdapDirectory(); | |
| return (DelegatedAuthenticationDirectory) directoryInstanceLoader.getDirectory(ldapDirectory); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment