--- LDAPAuthorizationProvider.java.orig	2006-04-24 11:32:35.000000000 -0400
+++ LDAPAuthorizationProvider.java	2006-04-24 11:33:51.000000000 -0400
@@ -34,6 +34,7 @@
 import netscape.ldap.LDAPException;
 import netscape.ldap.LDAPSearchResults;
 import netscape.ldap.LDAPv2;
+import netscape.ldap.factory.JSSESocketFactory;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.blojsom.BlojsomException;
@@ -81,6 +82,7 @@
     private static final String BLOG_LDAP_AUTHORIZATION_UID_IP = "blog-ldap-authorization-uid";
     private static final String BLOG_LDAP_AUTHORIZATION_BINDING_USER_IP = "blog-ldap-authorization-bindinguser";
     private static final String BLOG_LDAP_AUTHORIZATION_BINDING_PASSWORD_IP = "blog-ldap-authorization-bindingpassword";
+    private static final String BLOG_LDAP_AUTHORIZATION_USE_SSL = "blog-ldap-authorization-use-ssl";
 
     private static final String UID_DEFAULT = "uid";
 
@@ -92,7 +94,8 @@
 
     private String _bindingUser = null;
     private String _bindingPassword = null;
-
+    private boolean _useSSL=false;
+    private JSSESocketFactory ldapSocketFactory;
     /**
      * Default constructor
      */
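Review bot: `ldapSocketFactory` does not need to be an instance field: in the two connection hunks further down (the authorization path and `getDN`) it is only assigned a fresh `JSSESocketFactory` and used on the very next line. If one provider instance serves concurrent requests, which is common for servlet-scoped objects but not visible here, those threads all write the same field without synchronisation. I would drop the field and build the factory locally, e.g. `ldapConnection = new LDAPConnection(new JSSESocketFactory());`. The new fields also lost the blank line that separated them from the constructor's Javadoc.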
@@ -113,10 +116,16 @@
         _ldapServer = _servletConfig.getInitParameter(BLOG_LDAP_AUTHORIZATION_SERVER_IP);
         _ldapDN = _servletConfig.getInitParameter(BLOG_LDAP_AUTHORIZATION_DN_IP);
         String port = _servletConfig.getInitParameter(BLOG_LDAP_AUTHORIZATION_PORT_IP);
+        
         if (!BlojsomUtils.checkNullOrBlank(_servletConfig.getInitParameter(BLOG_LDAP_AUTHORIZATION_UID_IP))) {
             _uidAttributeName = _servletConfig.getInitParameter(BLOG_LDAP_AUTHORIZATION_UID_IP);
         }
 
+        if (!BlojsomUtils.checkNullOrBlank(_servletConfig.getInitParameter(BLOG_LDAP_AUTHORIZATION_USE_SSL))) {
+        	String bool= _servletConfig.getInitParameter(BLOG_LDAP_AUTHORIZATION_USE_SSL);
+        	_useSSL=Boolean.valueOf(bool).booleanValue();
+        }
+
         // We don't setup a credentions map here, because with LDAP, you can't
         // obtain the user's passwords, you can only check/authenticate against
         // the LDAP server.  Instead, check each time in the authorize method.
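Review bot: `Boolean.valueOf(bool)` returns false for every value other than "true" (case-insensitive), so a `blog-ldap-authorization-use-ssl` setting of `yes`, `1` or `on` silently leaves the bind credentials on a plaintext connection. The only trace is the debug line added in the logging hunk below. I would warn on unrecognised values, e.g. `if (!"true".equalsIgnoreCase(bool) && !"false".equalsIgnoreCase(bool)) _logger.warn("Unrecognised value for " + BLOG_LDAP_AUTHORIZATION_USE_SSL + ": " + bool + "; SSL disabled");`. How `port` is defaulted lies outside this hunk; if it falls back to the plain LDAP port, enabling SSL without also setting the port will not connect, which deserves a comment. The enclosing method starts and ends outside the hunk.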
@@ -155,7 +164,8 @@
         _logger.debug("LDAP Authorization Provider UID: " + _uidAttributeName);
         _logger.debug("LDAP Authorization Provider binding user: " + _bindingUser);
         _logger.debug("LDAP Authorization Provider binding password: **********");
-
+        _logger.debug("LDAP Authorization Provider UseSSL: " + _useSSL);
+        
         _logger.debug("Initialized LDAP authorization provider");
     }
 
@@ -213,8 +223,18 @@
         }
 
         try {
-            LDAPConnection ldapConnection = new LDAPConnection();
-
+        	
+        	LDAPConnection ldapConnection=null;
+        	
+        	if(_useSSL){
+        		ldapSocketFactory =  new JSSESocketFactory();
+        		ldapConnection = new LDAPConnection(ldapSocketFactory);
+        	
+        	}else{
+        		 ldapConnection = new LDAPConnection();
+	
+        	}
+            
             // Connect to the directory server
             ldapConnection.connect(_ldapServer, _ldapPort);
 
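Review bot: Nothing in the new SSL branch says what the TLS connection actually verifies. `new JSSESocketFactory()` is given no trust or host-name settings, so certificate validation presumably rests on the JVM's default trust store, and as far as I know a plain JSSE socket does not check the server name against the certificate. A comment should state that, e.g. `// TLS trust comes from the JVM default trust store; the directory's CA must be imported there, and the server name is not verified by this factory (confirm against the SDK)`. The same branch is repeated verbatim in the `getDN` hunk; a single expression such as `LDAPConnection ldapConnection = _useSSL ? new LDAPConnection(new JSSESocketFactory()) : new LDAPConnection();` or a small private helper would keep the two in step. The enclosing method and its `try` block continue outside the hunk.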
@@ -258,9 +278,19 @@
      * @return DN for a given username or <code>null</code> if there is an exception in lookup
      */
     protected String getDN(String username) {
-        try {
-            LDAPConnection ldapConnection = new LDAPConnection();
-
+    	
+    	try {
+	    	LDAPConnection ldapConnection=null;
+        	
+        	if(_useSSL){
+        		ldapSocketFactory =  new JSSESocketFactory();
+        		ldapConnection = new LDAPConnection(ldapSocketFactory);
+        	
+        	}else{
+        		 ldapConnection = new LDAPConnection();
+	
+        	}
+            
             // Connect to the directory server
             ldapConnection.connect(_ldapServer, _ldapPort);
 
@@ -288,6 +318,7 @@
             return dn;
         } catch (LDAPException e) {
             // Some exception occurred above; the search for the dn failed.
+       _logger.debug("Error getting DN:"+e.getLDAPErrorMessage());
             return null;
         }
     }
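Review bot: A failed lookup stays invisible at normal log levels: the added line in the `catch` block logs at debug and keeps only `e.getLDAPErrorMessage()`, which may be empty when the failure is a connection or handshake error rather than a server response (not verifiable from this hunk). Since `getDN` then returns null and the caller sees what looks like an ordinary authentication failure, I would log the exception itself at a higher level, `_logger.error("Error getting DN", e);`. The added line is also indented less than the rest of the block. `getDN` begins outside this hunk.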
