Ldap User Management with Spring LDAP
Java Naming and Directory Interface (JDNI) is the API used for LDAP programming on the Java platform. JNDI makes far too much work of simple procedures, such as ensuring that resources have been properly opened and closed. In addition, most JNDI methods throw checked exceptions, which are time-consuming to handle.
Spring LDAP provides a sophisticated wrapper API on top of JNDI to make LDAP Programming easier. Here i will show you on how to write, update and delete entries on ldap server using Spring LDAP.
Download Spring Ldap from http://www.springsource.com/download/community
Spring Configuration
Create an LdapContextSource and an LdapTemplate object. Configure the ldapServer url, baseDn and optionally userDn, password if anonymous access is not allowed. Also inject the LdapTemplate into DAO.
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="url" value="ldap://localhost:389" />
<property name="base" value="dc=javachap,dc=com" />
<property name="userDn" value="cn=Manager,dc=javachap,dc=com" />
<property name="password" value="mypassword" />
</bean>
<bean id="ldapTemplate">
<constructor-arg ref="contextSource" />
</bean>
<bean id="userService">
<property name="ldapTemplate" ref="ldapTemplate"/>
</bean>
Domain
Create a simple user domain interface and implementation which holds the basic information about the user. The information with in this user object will be persisted to the Ldap.
package com.javachap.domain;
public interface User {
String getUserName();
void setUserName(String userName);
String getFirstName();
void setFirstName(String firstName);
String getLastName();
void setLastName(String lastName);
String getEmail();
void setEmail(String email);
String getPassword();
void setPassword(String password);
String getDepartment();
void setDepartment(String departement);
String[] getGroups();
void setGroups(String[] groups);
}
package com.javachap.domain.impl;
import com.javachap.domain.User;
public class UserImpl implements User {
private static final long serialVersionUID = 7487133273442955818L;
private String userName;
private String firstName;
private String lastName;
private String email;
private String password;
private String department;
private String groups[];
public String getUserName() {
return userName;
}
public void setUserName(String userName) {
this.userName = userName;
}
public String getFirstName() {
return firstName;
}
public void setFirstName(String firstName) {
this.firstName = firstName;
}
public String getLastName() {
return lastName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getDepartment() {
return department;
}
public void setDepartment(String department) {
this.department = department;
}
public String[] getGroups() {
return groups;
}
public void setGroups(String[] groups) {
this.groups = groups;
}
public String toString() {
StringBuffer buffer = new StringBuffer();
buffer.append("UserImpl[");
buffer.append("id = ").append(id);
buffer.append(" userName = ").append(userName);
buffer.append(" email = ").append(email);
buffer.append(" firstName = ").append(firstName);
buffer.append(" lastName = ").append(lastName);
buffer.append(" password = ").append(password);
buffer.append("]");
return buffer.toString();
}
}
User DAO
LdapTemplate is built on the same principles as the JdbcTemplate in Spring JDBC. It completely eliminates the need to worry about creating and closing DirContext and looping through NamingEnumeration. It also provides a more comprehensive unchecked exception hierarchy, built on Spring’s DataAccessException.
package com.javachap.service;
import java.util.List;
/**
* UserService
*
* @author JavaChap
*/
public interface UserService {
User getUser(final String email);
User save(final User user);
boolean authenticate(final String userName, final String password);
List<User> getUsers(final String pattern);
void delete(final User user);
}
package com.javachap.service.impl;
import java.io.UnsupportedEncodingException;
/**
* UserService Implementation
*
* @author JavaChap
*/
public class UserServiceImpl implements UserService {
private static final long serialVersionUID = 4889152297004460837L;
public static final String BASE_DN = "dc=javachap,dc=com";
private static class UserAttributesMapper implements AttributesMapper {
public Object mapFromAttributes(Attributes attrs)
throws NamingException {
User user = (User) AppUtils.getBean("user");
if (attrs.get("uid") != null) {
user.setUserName((String) attrs.get("uid").get());
}
if (attrs.get("cn") != null) {
user.setFirstName((String) attrs.get("cn").get());
}
if (attrs.get("sn") != null) {
user.setLastName((String) attrs.get("sn").get());
}
if (attrs.get("mail") != null) {
user.setEmail((String) attrs.get("mail").get());
}
return user;
}
}
private LdapTemplate ldapTemplate;
public void setLdapTemplate(final LdapTemplate ldapTemplate) {
this.ldapTemplate = ldapTemplate;
}
public boolean authenticate(String userName, String password) {
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", "person")).and(
new EqualsFilter("uid", userName));
return ldapTemplate.authenticate(DistinguishedName.EMPTY_PATH, filter
.toString(), password);
}
public User getUser(final String userName) {
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", "person")).and(
new EqualsFilter("uid", userName));
List<User> users = ldapTemplate.search(DistinguishedName.EMPTY_PATH,
filter.encode(), new UserAttributesMapper());
if (!users.isEmpty()) {
return users.get(0);
}
return null;
}
public List<User> getUsers(final String pattern) {
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", "person"));
if (pattern != null) {
filter.and(new LikeFilter("uid", pattern));
}
List<User> users = ldapTemplate.search(DistinguishedName.EMPTY_PATH,
filter.encode(), new UserAttributesMapper());
return users;
}
public User save(final User user) {
Name dn = buildDn(user);
ldapTemplate.bind(dn, null, buildAttributes(user));
// Update Groups
for (String group : user.getGroups()) {
try {
DistinguishedName groupDn = new DistinguishedName();
groupDn.add("ou", "Groups");
groupDn.add("cn", group);
DirContextOperations context = ldapTemplate
.lookupContext(groupDn);
context.addAttributeValue("memberUid", user.getUserName());
ldapTemplate.modifyAttributes(context);
} catch (Exception e) {
e.printStackTrace();
}
}
return user;
}
public User update(final User user) {
Name dn = buildDn(user);
ldapTemplate.rebind(dn, null, buildAttributes(user));
return user;
}
public void delete(User user) {
Name dn = buildDn(user);
ldapTemplate.unbind(dn);
}
private Name buildDn(final User user) {
DistinguishedName dn = new DistinguishedName();
dn.add("ou", "People");
if (user.getDepartment() != null) {
dn.add("ou", user.getDepartment());
}
dn.add("uid", user.getUserName());
return dn;
}
private Attributes buildAttributes(final User user) {
Attributes attrs = new BasicAttributes();
BasicAttribute ocattr = new BasicAttribute("objectclass");
ocattr.add("person");
ocattr.add("inetOrgPerson");
attrs.put(ocattr);
attrs.put("cn", user.getFirstName());
attrs.put("sn", user.getLastName());
attrs.put("userPassword", "{SHA}" + this.encrypt(user.getPassword()));
attrs.put("mail", user.getEmail());
return attrs;
}
private String encrypt(final String plaintext) {
MessageDigest md = null;
try {
md = MessageDigest.getInstance("SHA");
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e.getMessage());
}
try {
md.update(plaintext.getBytes("UTF-8"));
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e.getMessage());
}
byte raw[] = md.digest();
String hash = (new BASE64Encoder()).encode(raw);
return hash;
}
}
Test class
package com.javachap.service.impl;
import org.apache.log4j.BasicConfigurator;
import org.springframework.beans.factory.xml.XmlBeanDefinitionReader;
import org.springframework.context.support.GenericApplicationContext;
import org.springframework.core.io.ClassPathResource;
import com.javachap.domain.User;
import com.javachap.domain.impl.UserImpl;
import com.javachap.service.ServiceUtils;
import com.javachap.service.UserService;
import com.javachap.utils.AppUtils;
public class Test {
public static void main(String args[]) {
BasicConfigurator.configure();
GenericApplicationContext appContext = new GenericApplicationContext();
XmlBeanDefinitionReader xmlReader = new XmlBeanDefinitionReader(
appContext);
xmlReader.loadBeanDefinitions(new ClassPathResource(
"applicationContext.xml"));
appContext.refresh();
AppUtils.setApplicationContext(appContext);
UserService userService = ServiceUtils.getUserService();
// User Authenticate
boolean authenticated = userService.authenticate("user@javachap.com",
"javachap");
System.out.println("Authenticated: " + authenticated);
// User Save
User user = new UserImpl();
user.setUserName("javachap2");
user.setFirstName("java");
user.setLastName("chap");
user.setEmail("user2@javachap.com");
user.setPassword("chapjava");
user.setDepartment("Engineering");
user.setGroups(new String[] { "Admin", "HudsonAdmin", "WikiAdmin" });
userService.save(user);
// User Get
user = userService.getUser("javachap2");
System.out.println("User:" + user);
}
}
References
http://today.java.net/article/2006/04/14/ldaptemplate-ldap-programming-java-made-simple
Recent Comments